Lines of code
https://github.com/code-423n4/2023-12-initcapital/blob/main/contracts/core/InitCore.sol#L327
Vulnerability details
Impact
Users who collateralized using wLP won't ever be liquidated unless the wLP is whitelisted back, but this could be dangerous depending on the reason it was removed from the whitelist. They also can't decollateralize. The severity of this issue depends entirely on the reason for the removal.
Proof of Concept
Add the following code before this line:
The test will fail because the wLP is no longer whitelisted, due to the check here.
Tools Used
Vscode, Foundry
Recommended Mitigation Steps
Two separate allowlists should be maintained: one for collateralizing and another for decollateralizing/liquidating. This way, a wLP can be removed from the collateralizing allowlist only, while it remains possible to decollateralize/liquidate it. If the wLP is compromised or similar, it can be removed from both whitelists.
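A sketch of the two-allowlist split recommended above, added here as an illustration and not taken from InitCore or the original report. The contract, mapping, and function names are hypothetical, and token transfers, position ownership, and health checks are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration; every name below is hypothetical.
contract TwoAllowlistCore {
    address public immutable governor;

    // wLP => new collateral of this type is accepted
    mapping(address => bool) public depositAllowed;
    // wLP => existing collateral may still be withdrawn or liquidated
    mapping(address => bool) public exitAllowed;
    // posId => wLP => tokenId => amount held as collateral
    mapping(uint256 => mapping(address => mapping(uint256 => uint256))) public collateral;

    error NotGovernor();
    error WLpNotAllowed(address wLp);

    constructor() {
        governor = msg.sender;
    }

    // (true, true)   normal operation
    // (false, true)  wind-down: no new deposits, exits and liquidations still work
    // (false, false) wLP considered compromised: everything is frozen
    function setWLpStatus(address wLp, bool deposit, bool exit_) external {
        if (msg.sender != governor) revert NotGovernor();
        depositAllowed[wLp] = deposit;
        exitAllowed[wLp] = exit_;
    }

    function collateralize(uint256 posId, address wLp, uint256 tokenId, uint256 amt) external {
        if (!depositAllowed[wLp]) revert WLpNotAllowed(wLp);
        collateral[posId][wLp][tokenId] += amt;
    }

    function decollateralize(uint256 posId, address wLp, uint256 tokenId, uint256 amt) external {
        if (!exitAllowed[wLp]) revert WLpNotAllowed(wLp); // independent of depositAllowed
        collateral[posId][wLp][tokenId] -= amt;           // reverts on underflow in 0.8.x
    }

    function liquidate(uint256 posId, address wLp, uint256 tokenId, uint256 amt) external {
        if (!exitAllowed[wLp]) revert WLpNotAllowed(wLp); // same exit list as decollateralize
        collateral[posId][wLp][tokenId] -= amt;
    }
}
```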
Assessed type
Access Control