The addPaymentToken function allows adding duplicate token addresses to the _paymentTokens
Summary
The addPaymentToken function allows adding duplicate token addresses to the _paymentTokens
Vulnerability Detail
The require statement in the addPaymentToken function checks if the add operation on the _paymentTokens set was successful. However, it does not explicitly check if the token address already exists in the set before attempting to add it.
Impact
if the add operation succeeds despite the token address already being present in the set, duplicate token addresses can be added to the _paymentTokens set. This can lead to unintended behavior and data inconsistencies. Even when a token address is removed for a particular reason, if there are duplicates, the removed token address would still be in the set.
Sabit
medium
The
addPaymentTokenfunction allows adding duplicate token addresses to the_paymentTokensSummary
The
addPaymentTokenfunction allows adding duplicate token addresses to the_paymentTokensVulnerability Detail
The
requirestatement in theaddPaymentTokenfunction checks if theaddoperation on the_paymentTokensset was successful. However, it does not explicitly check if the token address already exists in the set before attempting to add it.Impact
if the
addoperation succeeds despite the token address already being present in the set, duplicate token addresses can be added to the_paymentTokensset. This can lead to unintended behavior and data inconsistencies. Even when a token address is removed for a particular reason, if there are duplicates, the removed token address would still be in the set.Code Snippet
require(_paymentTokens.add(token), "MV: already added");https://github.com/sherlock-audit/2024-05-midas/blob/main/midas-contracts/contracts/abstract/ManageableVault.sol#L107C7-L107C65
Tool used
Manual Review
Recommendation
require(!_paymentTokens.add(token), "MV: already added");