Skip to content

Latest commit

 

History

History
42 lines (26 loc) · 1.58 KB

073.md

File metadata and controls

42 lines (26 loc) · 1.58 KB

J4de

medium

LenderCommitmentForwarder.sol CommitmentAllowlist can only be added but not deleted

Summary

LenderCommitmentForwarder.sol CommitmentAllowlist can only be added but not deleted.

Vulnerability Detail

File: LenderCommitmentForwarder.sol
243     function updateCommitmentBorrowers(
244         uint256 _commitmentId,
245         address[] calldata _borrowerAddressList
246     ) public commitmentLender(_commitmentId) {
247         delete commitmentBorrowersList[_commitmentId];
248         _addBorrowersToCommitmentAllowlist(_commitmentId, _borrowerAddressList);
249     }

Lenders can issue a loan order through the LenderCommitmentForwarder.sol contract, and if the borrower is satisfied with the order, they can accept it to complete the loan. Unlike TellerV2.sol contract, this contract market is dominated by lenders, and lenders can choose to lend their orders only to borrowers in the whitelist.

Lenders can call updateCommitmentBorrowers function to add whitelist borrowers. The problem here is that the whitelist can only be added but not deleted, which leads to the fact that if a lender finds that a borrower no longer meets the requirements, he cannot be removed from the list.

Impact

Lenders' loans may be borrowed by untrustworthy borrowers.

Code Snippet

https://github.com/teller-protocol/teller-protocol-v2/blob/cb66c9e348cdf1fd6d9b0416a49d663f5b6a693c/packages/contracts/contracts/LenderCommitmentForwarder.sol#L240-L246

Tool used

Manual Review

Recommendation

It is recommended to add an function to delete whitelist borrowers.