search

sherlock-audit / 2023-07-blueberry-judging

2 stars 1 forks source link

Strausses - Only one action can be allowed #129

Closed sherlock-admin2 closed 1 year ago

sherlock-admin2 commented 1 year ago

Strausses

medium

Only one action can be allowed

Summary

Only one type of action can be allowed to be performed thought a contract at one moment.

Vulnerability Detail

The problem is that only one type of action can be performed at the moment. For instance, Only Borrow allowed, OR only Repay allowed, OR only Lend Allowed etc. So the owner cannot allow users to borrow and repay at the same time.

Impact

Limitation users. The user cannot repay at any time. For instance, if the current state of the bank is set to a different phase. Which may lead to user liquidation

Code Snippet

https://github.com/sherlock-audit/2023-07-blueberry/blob/main/blueberry-core/contracts/BlueBerryBank.sol#L298-L335

Tool used

Manual Review

Recommendation

Add separate "bankStatus" for each action

sherlock-admin2 commented 1 year ago

2 comment(s) were left on this issue during the judging contest.

0xyPhilic commented:

invalid because it is a design choice - informational issue

Kral01 commented:

This is intended