Open code423n4 opened 2 years ago
https://github.com/code-423n4/2022-04-dualityfocus/blob/main/contracts/compound_rari_fork/Comptroller.sol#L174 exitMarket() function does not check if tokenAddress is valid and present in the markets. See test below, it passes
await this.comptroller .connect(this.user1) .enterMarkets([this.zETH.address, this.user2.address, this.user2.address]);
let errCode = await this.comptroller .connect(this.user1) .exitMarket(this.zETH.address); //console.log("Error code iss:", errCode) expect(errCode.value).to.be.eq(BigNumber.from(0)); errCode = await this.comptroller .connect(this.user1) .exitMarket(this.zUSDC.address); expect(errCode.value).to.be.eq(BigNumber.from(0));
https://github.com/code-423n4/2022-04-dualityfocus/blob/main/contracts/compound_rari_fork/Comptroller.sol#L174 exitMarket() function does not check if tokenAddress is valid and present in the markets. See test below, it passes
await this.comptroller .connect(this.user1) .enterMarkets([this.zETH.address, this.user2.address, this.user2.address]);