when a user makes a withdraw request and after that, the keeper executes the user's request executeWithdraw function calls the executeWithdraw function after withdraw function is called and the withdraw function checks token supports collateral or not and if the token does not support collateral doesn't allow withdraw process continues and this causes the withdraw process stops
Impact
Users cannot withdraw their assets if admin omit specific token from trade token list
pashap9990
Medium
Users cannot withdraw their assets if admin omit specific token from trade token list
Summary
Admin maybe decide to omit specific token from trade token list and this can have many reason and when admin does this action, users cannot withdraw their token
Vulnerability Detail
when a user makes a withdraw request and after that, the keeper executes the user's request executeWithdraw function calls the executeWithdraw function after withdraw function is called and the withdraw function checks token supports collateral or not and if the token does not support collateral doesn't allow withdraw process continues and this causes the withdraw process stops
Impact
Users cannot withdraw their assets if admin omit specific token from trade token list
Code Snippet
https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/main/elfi-perp-contracts/contracts/process/AssetsProcess.sol#L126 https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/main/elfi-perp-contracts/contracts/storage/AppTradeConfig.sol#L84
Tool used
Manual Review
Recommendation