Incorrect operator in CollateralToken.settleAuction
checks
#376
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-582
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2023-01-astaria/blob/1bfc58b42109b839528ab1c21dc9803d663df898/src/CollateralToken.sol#L526
Vulnerability details
Description:
CollateralToken.settleAuction
intends to enforce that both an auction exists for the collateralId and the ClearingHouse is the owner of the collateral, but instead it enforces only one of them by only reverting if they're both invalid.Remediation:
Should be replaced with
The text was updated successfully, but these errors were encountered: