Lack of access control for the liquidateCollateral function

Summary

The liquidateCollateral function does not restrict access to only the lender or the liquidator, potentially allowing unauthorized parties to call the function and claim collateral.

Vulnerability Detail

In the TellerV2Context.sol contract, the liquidateCollateral function lacks proper access control, allowing any address to call the function and potentially claim collateral. This could lead to unauthorized liquidation of loans and loss of collateral.

Impact

Potential unauthorized liquidation of loans and loss of collateral.

Code Snippet

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/CollateralManager.sol#L268

Tool used

Manual Review

Recommendation

Implement proper access control in the liquidateCollateral function to restrict access to only the lender or the liquidator.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

049.md

049.md

Lack of access control for the liquidateCollateral function

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

049.md

Latest commit

History

049.md

File metadata and controls

Lack of access control for the liquidateCollateral function

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation