Description\
If a powerFarm has at least 2 collaterals including a blacklisted token (or more if collaterals = blacklisted + 1) and the borrow doesn't include one, you could theoretically withdraw a non-blacklisted token from a position with an open borrow, since in healthstatecheck, if powerFarm is true, it calls `overallETHCollateralsBare`:
```solidity
function overallETHCollateralsBare(
    uint256 _nftId
)
    public
    view
    returns (uint256 amount)
{
    address tokenAddress;
    uint256 i;
    // Number of collateral (lending) tokens held by the position
    uint256 l = WISE_LENDING.getPositionLendingTokenLength(
        _nftId
    );

    while (i < l) {
        tokenAddress = WISE_LENDING.getPositionLendingTokenByIndex(
            _nftId,
            i
        );

        // Add the full ETH value of this collateral token to the total
        amount += getFullCollateralETH(
            _nftId,
            tokenAddress
        );

        unchecked {
            ++i;
        }
    }
}
```
`overallETHCollateralsBare` lacks `_checkPoolCondition`.

Since calling withdraw checks whether the token is blacklisted, this only works to withdraw a non-blacklisted token while still holding a blacklisted token in the position too. This might be out of scope, since you can just say powerFarms always have 1 collateral.

Attack Scenario\
Depending on why the token is blacklisted, this could lead to bad debt etc.

Github username: --\
Twitter username: --\
Submission hash (on-chain): 0x7c94d55332eb7982d1f529093b15584d101a8bb92cf98809defc152eb5022c54\
Severity: medium
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)
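The gap described in the report, as a simplified stand-alone model (an added example, not Wise Lending code and not part of the original submission). It assumes `_checkPoolCondition` reverts when a token is blacklisted; every name other than `overallETHCollateralsBare` and `_checkPoolCondition` is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model for illustration only; storage layout and helper names are hypothetical.
contract CollateralSumModel {
    error TokenBlackListed(); // hypothetical error name

    mapping(address => bool) public wasBlacklisted;        // assumed blacklist flag per token
    mapping(uint256 => address[]) internal lendingTokens;  // nftId => collateral tokens
    mapping(uint256 => mapping(address => uint256)) internal collateralETH;

    function setBlacklisted(address token, bool state) external {
        wasBlacklisted[token] = state;
    }
    function addCollateral(uint256 nftId, address token, uint256 valueETH) external {
        require(valueETH > 0, "zero value");
        if (collateralETH[nftId][token] == 0) lendingTokens[nftId].push(token);
        collateralETH[nftId][token] += valueETH;
    }

    // Assumed behaviour of the pool-condition check: revert on a blacklisted token.
    function _checkPoolCondition(address token) internal view {
        if (wasBlacklisted[token]) revert TokenBlackListed();
    }

    // Same shape as the function in the report: sums every collateral, no per-token check.
    function overallETHCollateralsBare(uint256 nftId) public view returns (uint256 amount) {
        address[] storage tokens = lendingTokens[nftId];
        for (uint256 i; i < tokens.length; ++i) {
            amount += collateralETH[nftId][tokens[i]];
        }
    }

    // Same sum with the check applied to each token before its value is counted.
    function overallETHCollateralsChecked(uint256 nftId) public view returns (uint256 amount) {
        address[] storage tokens = lendingTokens[nftId];
        for (uint256 i; i < tokens.length; ++i) {
            _checkPoolCondition(tokens[i]);
            amount += collateralETH[nftId][tokens[i]];
        }
    }

    // Health check in the shape the report describes: collateral must cover the borrow.
    function isHealthy(uint256 nftId, uint256 borrowETH, bool useChecked) external view returns (bool) {
        uint256 c = useChecked ? overallETHCollateralsChecked(nftId) : overallETHCollateralsBare(nftId);
        return c >= borrowETH;
    }
}
```

For a position holding one blacklisted and one non-blacklisted collateral, `isHealthy(..., false)` still counts the blacklisted token's value, while `isHealthy(..., true)` reverts with `TokenBlackListed`. A regression test for a fix can assert exactly that difference.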