NFT are no longer on the allowed list and can still increase debt #223
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-91
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/with-backed/papr/blob/9528f2711ff0c1522076b9f93fba13f88d5bd5e6/src/PaprController.sol#L138-L145
https://github.com/with-backed/papr/blob/9528f2711ff0c1522076b9f93fba13f88d5bd5e6/src/PaprController.sol#L493-L517
Vulnerability details
Impact
NFT are no longer on the allowed list and can still increase debt
PaprController restricts which NFTs are allowed to be used as collateral by isAllowed.
When an NFT is already at risk and no longer suitable as collateral, owner can set isAllowed[nft] to false
so that subsequent calls to addCollateral() can not be used as collateral for this NFT, so as to avoid the risk of this NFT is no longer safe.
But here is a problem, the user has been added as collateral in the previous, the user can still continue to borrow through increaseDebt(), and did not check that this NFT is no longer allowed.
I think this is unreasonable, if it is no longer in the allowed list, should not be able to borrow through it again. Avoid bringing the risk of funds.
Other:liquidating/repaying is ok, even if NFT is not on the list
Proof of Concept
As follows, increaseDebt() does not check whether the NFT is still on the allowed list
Tools Used
Recommended Mitigation Steps
if NFT don't in allowed list will revert
The text was updated successfully, but these errors were encountered: