Blacklisting a Token Breaks View Functions in WiseSecurityHelper Contract

[c4-bot-4]

Lines of code

https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/WiseSecurity/WiseSecurityHelper.sol#L430-L464 https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/WiseSecurity/WiseSecurityHelper.sol#L486-L522 https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/WiseSecurity/WiseSecurityHelper.sol#L65-L100 https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/WiseSecurity/WiseSecurityHelper.sol#L145-L182 https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/WiseSecurity/WiseSecurityHelper.sol#L1080-L1089

Vulnerability details

Impact

The WiseSecurityHelper.sol contract contains several view functions that rely on the _checkPoolCondition function to ensure that a token is not blacklisted before proceeding with calculations. If a token is blacklisted, these view functions will revert, which is not the expected behavior for view functions. They should return data without modifying the state of the contract.

The affected view functions include:

• overallETHBorrow (https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/WiseSecurity/WiseSecurityHelper.sol#L430-L464)
• _overallETHBorrow (https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/WiseSecurity/WiseSecurityHelper.sol#L486-L522)
• overallETHCollateralsWeighted (https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/WiseSecurity/WiseSecurityHelper.sol#L65-L100)
• _overallETHCollateralsWeighted (https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/WiseSecurity/WiseSecurityHelper.sol#L145-L182)

Each of these functions calls _checkPoolCondition within a loop that iterates over the tokens associated with a given NFT position. If a token is blacklisted, the _checkPoolCondition function will revert, causing these view functions to fail.

Proof of Concept

As shown below, the _checkPoolCondition function is called within these view functions listed above to check if a token is blacklisted. Here is the _checkPoolCondition function:

https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/WiseSecurity/WiseSecurityHelper.sol#L1080-L1089

 function _checkPoolCondition(
        address _poolToken
    )
        internal
        view
    {
        if (_checkBlacklisted(_poolToken) == true) {
            revert TokenBlackListed();
        }
    }

Tools Used

Manual Review

Recommended Mitigation Steps

Modify the _checkPoolCondition function to return a boolean instead of reverting, and use this function in view functions to determine if the token is blacklisted without affecting the execution flow. Example shown below:

function _checkPoolCondition(
    address _poolToken
)
    internal
    view
    returns (bool)
{
    return !_checkBlacklisted(_poolToken);
}

Assessed type

Invalid Validation

[c4-pre-sort]

GalloDaSballo marked the issue as insufficient quality report

[GalloDaSballo]

Simply false, view functions can revert

[c4-judge]

trust1995 marked the issue as unsatisfactory: Invalid