LienToken._deleteLienPosition is public

https://github.com/sherlock-audit/2022-10-astaria/blob/main/src/LienToken.sol/#L652

function _deleteLienPosition(uint256 collateralId, uint256 position) public {
    uint256[] storage stack = liens[collateralId];
    require(position < stack.length, "index out of bounds");

    emit RemoveLien(
      stack[position],
      lienData[stack[position]].collateralId,
      lienData[stack[position]].position
    );
    for (uint256 i = position; i < stack.length - 1; i++) {
      stack[i] = stack[i + 1];
    }
    stack.pop();
  }

Impact

lienData is used everywhere, for instance in getTotalDebtForCollateralToken.

function getTotalDebtForCollateralToken(uint256 collateralId)
    public
    view
    returns (uint256 totalDebt)
  {
    uint256[] memory openLiens = getLiens(collateralId);
    totalDebt = 0;
    for (uint256 i = 0; i < openLiens.length; ++i) {
      totalDebt += _getOwed(lienData[openLiens[i]]);
    }
  }

If any user can delete lien position without any access control, then this function would return invalid value(lienData[openLiens[i]] would be deleted)

Mitigation

Make the _deleteLienPosition requiresAuth or internal

Duplicate of #233

sherlock-audit / 2022-10-astaria-judging

tives - LienToken._deleteLienPosition is public #249

LienToken._deleteLienPosition is public

Impact

Mitigation