J4de
medium
LenderCommitmentForwarder.sol
CommitmentAllowlist
can only be added but not deleted.
File: LenderCommitmentForwarder.sol
243 function updateCommitmentBorrowers(
244 uint256 _commitmentId,
245 address[] calldata _borrowerAddressList
246 ) public commitmentLender(_commitmentId) {
247 delete commitmentBorrowersList[_commitmentId];
248 _addBorrowersToCommitmentAllowlist(_commitmentId, _borrowerAddressList);
249 }
Lenders can issue a loan order through the LenderCommitmentForwarder.sol
contract, and if the borrower is satisfied with the order, they can accept it to complete the loan. Unlike TellerV2.sol
contract, this contract market is dominated by lenders, and lenders can choose to lend their orders only to borrowers in the whitelist.
Lenders can call updateCommitmentBorrowers
function to add whitelist borrowers. The problem here is that the whitelist can only be added but not deleted, which leads to the fact that if a lender finds that a borrower no longer meets the requirements, he cannot be removed from the list.
Lenders' loans may be borrowed by untrustworthy borrowers.
Manual Review
It is recommended to add an function to delete whitelist borrowers.