sherlock-admin2
commented
9 months ago 1 comment(s) were left on this issue during the judging contest.
auditsea commented:
Not required
Closed sherlock-admin closed 9 months ago
sherlock-admin2
commented
9 months ago 1 comment(s) were left on this issue during the judging contest.
auditsea commented:
Not required
sherlock-admin2
commented
9 months ago 1 comment(s) were left on this issue during the judging contest.
auditsea commented:
Not required
qmdddd
medium
The function
freeCollateralBalanceandgetDollarInCollateraldon't check whether the Collateral is enabled.Summary
The function
freeCollateralBalanceandgetDollarInCollateraldon't check whether the Collateral is enabled.Vulnerability Detail
The function
freeCollateralBalanceandgetDollarInCollateraldon't check whether the Collateral is enabled. As functionfreeCollateralBalanceandgetDollarInCollateralare external functions, it should prevent queries on disabled collaterals.Impact
Disabled collaterals’ information (free balance and price) will be leaked.
Code Snippet
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L268-L276
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L284-L294
Tool used
Manual Review
Recommendation
Add modifier collateralEnabled.
Duplicate of #23