Collateral Validation Logic in matchOffersV3 Function
Summary
In the matchOffersV3 function of DebitaV3Aggregator.sol, there's a requirement that checks whether the collateral provided is valid based on certain conditions. This condition erroneously uses !borrowInfo.isNFT (the logical NOT of borrowInfo.isNFT). The correct logic should use borrowInfo.isNFT without the logical NOT operator. This issue affects the acceptance of collateral, potentially allowing invalid or unverified assets and rejecting valid ones, which can lead to security vulnerabilities and operational problems within the protocol.
Root Cause
In DebitaV3Aggregator.sol:299-303 the require line has the wrong logic: !borrowInfo.isNFT. The logic should be borrowInfo.isNFT because we are accepting NFTs.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
Unintended Acceptance of Non-NFT Collateral: Non-NFT collateral is accepted even if it is not a valid receipt. This could allow unverified or malicious ERC20 tokens to be used as collateral, posing a risk to the protocol.
Rejection of Valid NFT Collateral: NFTs that are not listed as valid receipts are rejected, even though the protocol intends to accept any NFT as collateral. This limits the range of acceptable NFTs and may prevent users from leveraging legitimate assets.
PoC
No response
Mitigation
No response
sherlock-admin3 changed the title from "Crazy Tangerine Mongoose - Collateral Validation Logic in matchOffersV3 Function" to "MVKsentry - Collateral Validation Logic in matchOffersV3 Function" on Dec 12, 2024
MVKsentry
High