increaseDebt()
should check if the asset is in isAllowed
#175
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-91
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/with-backed/papr/blob/9528f2711ff0c1522076b9f93fba13f88d5bd5e6/src/PaprController.sol#L456-L479
Vulnerability details
Impact
There is no check on the asset in
increaseDebt()
, resulting in any asset being able to add debt.Only assets in the
isAllowed
list should be allowed to operate hereProof of Concept
Tools Used
vscode
Recommended Mitigation Steps
Add a determination of whether the asset is in the isAllowed list
The text was updated successfully, but these errors were encountered: