Closed github-actions[bot] closed 1 year ago
Avci
high
grifing and stoping people from operating actions that needs collateral reason: there is no check for checking caller is colateral funder or not
reason: there is no check for checking caller is collateral funder or not
stoping people from operating actions
function takeCollateral(uint256 amount) external override inExec returns (uint256) { Position storage pos = positions[POSITION_ID]; if (amount == type(uint256).max) { amount = pos.collateralSize; } pos.collateralSize -= amount; IERC1155Upgradeable(pos.collToken).safeTransferFrom( address(this), msg.sender, pos.collId, amount, "" ); emit TakeCollateral( POSITION_ID, msg.sender, pos.collToken, pos.collId, amount ); return amount; } /**
https://github.com/sherlock-audit/2023-02-blueberry/blob/main/contracts/BlueBerryBank.sol#L820
Manual Review
check if the caller is actually a funder of collateral
Avci
high
grifing and stoping people from operating actions that needs colaterall
Summary
grifing and stoping people from operating actions that needs collateral reason: there is no check for checking caller is colateral funder or not
Vulnerability Detail
reason: there is no check for checking caller is collateral funder or not
Impact
stoping people from operating actions
Code Snippet
https://github.com/sherlock-audit/2023-02-blueberry/blob/main/contracts/BlueBerryBank.sol#L820
Tool used
Manual Review
Recommendation
check if the caller is actually a funder of collateral