Token can't be redeemed if it was deleted from whitelist
Summary
User funds locks in case of removing token from whitelist
Vulnerability Detail
There is a whitelistedAssets - whitelist for tokens user can use as collateral
But if some token A was removed from whitelist after Alice used it as collateral, it will be impossible to redeem this token and it will be locked in depositary
R2
medium
Token can't be redeemed if it was deleted from whitelist
Summary
User funds locks in case of removing token from whitelist
Vulnerability Detail
There is a
whitelistedAssets
- whitelist for tokens user can use as collateral But if some tokenA
was removed from whitelist after Alice used it as collateral, it will be impossible to redeem this token and it will be locked in depositaryImpact
User funds lock
Code Snippet
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/core/UXDController.sol#L98
Tool used
Manual Review
Recommendation
Remove this whitelist check from
redeem()
functionDuplicate of #385