Disabled NFT collateral should not be used to mint debt #91
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-02
primary issue
Highest quality submission among a set of duplicates
satisfactory
satisfies C4 submission criteria; eligible for awards
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/with-backed/papr/blob/9528f2711ff0c1522076b9f93fba13f88d5bd5e6/src/PaprController.sol#L365
https://github.com/with-backed/papr/blob/9528f2711ff0c1522076b9f93fba13f88d5bd5e6/src/PaprController.sol#L138
Vulnerability details
Impact
Disabled collateral can still be used to mint debt
Proof of Concept
There is a access control function in PaprController.sol
According to IPaprController, if the collateral is disabled set to false, the user should not be allowed to mint debt using the collateral,
However, the code only checks if the collateral is allowed when adding collateral,
but does not have the same check when minting debt, then user can use diabled collateral to mint debt.
As shown in the coded POC
We can add the following test to increaseDebt.t.sol
https://github.com/with-backed/papr/blob/9528f2711ff0c1522076b9f93fba13f88d5bd5e6/test/paprController/IncreaseDebt.t.sol#L32
We disable the collateral but still able to mint debt by calling increaseDebt
We run the test
The test pass, but the test should revert.
Tools Used
Manual Review
Recommended Mitigation Steps
We recommend the project add check to make sure when the collateral is disabled, the collateral should not be used to mint debt
The text was updated successfully, but these errors were encountered: