Closed sherlock-admin closed 1 year ago
radev_sw
medium
Blacklisted accounts can DoS the withdraw collateral system
The safeTransfer() to blacklisted user will fail. It will also brick the withdrawal collateral system because the blacklisted user is never cleared.
safeTransfer()
DoS of USDC withdrawal system
https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/InsurancePool.sol#L98-L109
Manual Review
Can check if msg.sender is blacklisted users inside the withdrawCollateral() function.
withdrawCollateral()
radev_sw
medium
Blacklisted accounts can DoS the withdraw collateral system
Summary
Blacklisted accounts can DoS the withdraw collateral system
Vulnerability Detail
The
safeTransfer()to blacklisted user will fail. It will also brick the withdrawal collateral system because the blacklisted user is never cleared.Impact
DoS of USDC withdrawal system
Code Snippet
https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/InsurancePool.sol#L98-L109
Tool used
Manual Review
Recommendation
Can check if msg.sender is blacklisted users inside the
withdrawCollateral()function.