bareli - no ckeck for market listed for "setPriceFeed"

[sherlock-admin2]

bareli

medium

no ckeck for market listed for "setPriceFeed"

Summary

No check whether market is listed or not.

Vulnerability Detail

function setPriceFeed(Market market, IPriceFeed priceFeed) external onlyRole(DEFAULT_ADMIN_ROLE) { if (address(priceFeed) != BASE_FEED && priceFeed.decimals() != priceDecimals) revert InvalidPriceFeed(); markets[market].priceFeed = priceFeed; emit PriceFeedSet(market, priceFeed); }

Impact

Sets the adjust factor for a certain market

Code Snippet

https://github.com/sherlock-audit/2024-04-interest-rate-model/blob/main/protocol/contracts/Auditor.sol#L382

Tool used

Manual Review

Recommendation

if (!markets[market].isListed) revert MarketNotListed();

[santipu03]

The issue is invalid because the owner is TRUSTED, so it's assumed that the correct values will be provided as parameters in that function.