When invoking SellUSSDBuyCollateral, if CollateralList is being edited, the function may exit without achieving its objective.
Summary
IUSSD(USSD).collateralList() may cause the list to be temporarily empty because elements can be deleted by the administrator.
In that case, the process of using the list in SellUSSDBuyCollateral is skipped, and the function ends with the process halfway through.
Vulnerability Detail
In SellUSSDBuyCollateral, there is a process that loops through the collateral array as for (uint256 i = 0; i < collateral.length; i++).
However, if the array is empty, this process is skipped.
In this process, DAI should be swapped to the collateral, but it is not executed and only DAI remains in the contract.
Impact
The objective of the BuyCollateral part of SellUSSDBuyCollateral cannot be achieved. Unable to maintain the portfolio of collateral that was anticipated.
innertia
medium
When invoking SellUSSDBuyCollateral, if CollateralList is being edited, the function may exit without achieving its objective.
Summary
IUSSD(USSD).collateralList()may cause the list to be temporarily empty because elements can be deleted by the administrator. In that case, the process of using the list inSellUSSDBuyCollateralis skipped, and the function ends with the process halfway through.Vulnerability Detail
In
SellUSSDBuyCollateral, there is a process that loops through the collateral array asfor (uint256 i = 0; i < collateral.length; i++). However, if the array is empty, this process is skipped. In this process, DAI should be swapped to the collateral, but it is not executed and only DAI remains in the contract.Impact
The objective of the
BuyCollateralpart ofSellUSSDBuyCollateralcannot be achieved. Unable to maintain the portfolio of collateral that was anticipated.Code Snippet
https://github.com/sherlock-audit/2023-05-USSD/blob/6d7a9fdfb1f1ed838632c25b6e1b01748d0bafda/ussd-contracts/contracts/USSDRebalancer.sol#L189 https://github.com/sherlock-audit/2023-05-USSD/blob/6d7a9fdfb1f1ed838632c25b6e1b01748d0bafda/ussd-contracts/contracts/USSDRebalancer.sol#L196
Tool used
Manual Review
Recommendation
If the array is zero, the function cannot be invoked or the array cannot be edited to zero