_addDebtToMember and _removeDebtFromMember separately tracks debt and collateral

Question

_addDebtToMember and _removeDebtFromMember separately tracks debt and collateral

code423n4 opened this issue 3 years ago · 1 comments

Handle

paulius.eth

Vulnerability details

Impact

Why functions _addDebtToMember and _removeDebtFromMember separately tracks debt and collateral? it is always the same: if the debt is increased, collateral is also increased, if the debt is decreased, collateral is also decreased. any particular reason to keep both of these variables that change together?
function _addDebtToMember(address _member, uint _collateral, address _collateralAsset, uint _debt, address _debtAsset) internal {
mapMember_Collateral[_member].mapCollateral_Debt[_collateralAsset].debt[_debtAsset] += _debt;
mapMember_Collateral[_member].mapCollateral_Debt[_collateralAsset].collateral[_debtAsset] += _collateral;
}
function _removeDebtFromMember(address _member, uint _collateral, address _collateralAsset, uint _debt, address _debtAsset) internal {
mapMember_Collateral[_member].mapCollateral_Debt[_collateralAsset].debt[_debtAsset] -= _debt;
mapMember_Collateral[_member].mapCollateral_Debt[_collateralAsset].collateral[_debtAsset] -= _collateral;
}

Answer 1 · 2021-05-20T20:28:31.000Z

The values are different so need to be tracked differently... unless I'm missing something, this is invalid