code-423n4 / 2021-12-yetifinance-findings


validCollateral[0] can be added multiple times #192

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

gzeon

Vulnerability details

Impact

In `addCollateral` of Whitelist.sol, whatever is at index 0 of `validCollateral` can be added multiple times.

https://github.com/code-423n4/2021-12-yetifinance/blob/5f5bf61209b722ba568623d8446111b1ea5cb61c/packages/contracts/contracts/Dependencies/Whitelist.sol#L105

        if (validCollateral.length != 0 && validCollateral[0] != _collateral) {
            require(collateralParams[_collateral].index == 0, "collateral already exists");
        }

Proof of Concept

e.g. The following would not revert

        await contracts.whitelist.addCollateral(contracts.weth.address, "1000000000000000000", contracts.priceFeedETH.address, 18, contracts.PriceCurveETH.address, false);
        await contracts.whitelist.addCollateral(contracts.weth.address, "1000000000000000000", contracts.priceFeedETH.address, 18, contracts.PriceCurveETH.address, false);
        await contracts.whitelist.addCollateral(contracts.weth.address, "1000000000000000000", contracts.priceFeedETH.address, 18, contracts.PriceCurveETH.address, false);

Recommended Mitigation Steps

        if (validCollateral.length != 0) {
            require(validCollateral[0] != _collateral && collateralParams[_collateral].index == 0, "collateral already exists");
        }

kingyetifinance commented 2 years ago

@LilYeti: Duplicate of #142
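
The check quoted in the report and the recommended mitigation, modelled side by side as an added example (not part of the original issue or the project's code). It assumes `addCollateral` appends to `validCollateral` and stores the array position as `index`; the class, helper names and addresses are constructed for illustration.

```javascript
// Constructed JavaScript model of the duplicate check (not the project's Solidity).
// Assumption: each new collateral is appended to validCollateral and its position
// in that array is stored as collateralParams[addr].index.
class WhitelistModel {
  constructor(check) {
    this.validCollateral = [];          // address[]
    this.collateralParams = new Map();  // address => { index }
    this.check = check;
  }
  // A Solidity mapping returns a zeroed struct for an unknown key, so index reads as 0.
  indexOf(addr) {
    const p = this.collateralParams.get(addr);
    return p ? p.index : 0;
  }
  addCollateral(addr) {
    this.check(this, addr);             // throws (reverts) before any state change
    this.collateralParams.set(addr, { index: this.validCollateral.length });
    this.validCollateral.push(addr);
  }
}

function requireThat(cond, msg) { if (!cond) throw new Error(msg); }

// Check quoted in the report: skipped entirely when addr already sits at index 0.
function originalCheck(w, addr) {
  if (w.validCollateral.length !== 0 && w.validCollateral[0] !== addr) {
    requireThat(w.indexOf(addr) === 0, "collateral already exists");
  }
}

// Check from the recommended mitigation: index 0 is compared explicitly.
function mitigatedCheck(w, addr) {
  if (w.validCollateral.length !== 0) {
    requireThat(w.validCollateral[0] !== addr && w.indexOf(addr) === 0, "collateral already exists");
  }
}

// Apply a sequence of adds; return the resulting list and which calls reverted.
function run(check, addrs) {
  const w = new WhitelistModel(check);
  const reverted = addrs.map((a) => {
    try { w.addCollateral(a); return false; } catch (e) { return true; }
  });
  return { list: w.validCollateral, reverted };
}

const WETH = "0xWETH", WAVAX = "0xWAVAX"; // constructed placeholder addresses
console.log("original: ", run(originalCheck, [WETH, WETH, WETH, WAVAX, WAVAX]));
console.log("mitigated:", run(mitigatedCheck, [WETH, WETH, WETH, WAVAX, WAVAX]));
```

In the model, only the entry at index 0 slips through the original check; a repeat of any later entry is rejected because its stored index is non-zero.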