Skip to content

Latest commit

 

History

History
54 lines (32 loc) · 1.76 KB

091.md

File metadata and controls

54 lines (32 loc) · 1.76 KB

Tiny Licorice Loris

Medium

ValidationLogic.validateSetUseReserveAsCollateral() will fail to stop reserves marked as freezed by admin from being used as collateral.

Summary

The frozen bool is neglected in ValidationLogic.validateSetUseReserveAsCollateral(),

https://github.com/sherlock-audit/2025-01-aave-v3-3/blob/main/aave-v3-origin/src/contracts/protocol/libraries/logic/ValidationLogic.sol#L322

Root Cause

 function validateSetUseReserveAsCollateral(
    DataTypes.ReserveCache memory reserveCache,
    uint256 userBalance
  ) internal pure {
    require(userBalance != 0, Errors.UNDERLYING_BALANCE_ZERO);

    (bool isActive, , , bool isPaused) = reserveCache.reserveConfiguration.getFlags();//@audit-issue will fail to stop reserves marked as freezed by admin from being used as collateral. (check `PoolCOnfigurator.setReserveActive()` )
    require(isActive, Errors.RESERVE_INACTIVE);
    require(!isPaused, Errors.RESERVE_PAUSED);
  }

in ValidationLogic.validateSetUseReserveAsCollateral() when the flags are gotten via reserveCache.reserveConfiguration.getFlags(), frozen bool is neglected.

This will make ValidationLogic.validateSetUseReserveAsCollateral() fail to stop users from using Reserves frozen by admin when ValidationLogic.validateSetUseReserveAsCollateral() is called in a function to validate reserve user wants to use as collateral.

Internal Pre-conditions

No response

External Pre-conditions

No response

Attack Path

No response

Impact

ValidationLogic.validateSetUseReserveAsCollateral() will fail to stop reserves marked as freezed by admin from being used as collateral.

PoC

No response

Mitigation

checked the frozen bool too and ensure the reserve isn't frozen by admins