Skip to content

Latest commit

 

History

History
45 lines (29 loc) · 1.31 KB

019.md

File metadata and controls

45 lines (29 loc) · 1.31 KB

J4de

medium

TellerV2Context.sol can only approve MarketForwarder and cannot cancel

Summary

TellerV2Context.sol can only approve MarketForwarder and cannot cancel

Vulnerability Detail

File: TellerV2Context.sol
 87     function approveMarketForwarder(uint256 _marketId, address _forwarder)
 88         external
 89     {
 90         require(
 91             isTrustedMarketForwarder(_marketId, _forwarder),
 92             "Forwarder must be trusted by the market"
 93         );
 94         _approvedForwarderSenders[_forwarder].add(_msgSender());
 95         emit MarketForwarderApproved(_marketId, _forwarder, _msgSender());
 96     }

When the user trusts a forwarder contract and lends/borrows through this forwarder contract, it will call approveMarketForwarder to approve the forwarder contract.

When the user completes the loan on this forwarder or no longer trusts the forwarder, the user should be able to cancel the approve forwarder.

Impact

The user cannot cancel the trust of the forwarder, and the assets are threatened.

Code Snippet

https://github.com/teller-protocol/teller-protocol-v2/blob/cb66c9e348cdf1fd6d9b0416a49d663f5b6a693c/packages/contracts/contracts/TellerV2Context.sol#L87

Tool used

Manual Review

Recommendation

It is recommended to add a cancel function.