VAL-34 Add guards against funding untrusted loans (#48)

circlefin · Oct 14, 2022 · 42e1cde · 42e1cde
1 parent 9be4b75
commit 42e1cde
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 41 deletions.
diff --git a/contracts/Pool.sol b/contracts/Pool.sol
@@ -226,6 +226,15 @@ contract Pool is IPool, ERC20 {
         onlyManager
         atState(IPoolLifeCycleState.Active)
     {
+        require(
+            PoolLib.isPoolLoan(
+                addr,
+                address(_serviceConfiguration),
+                address(this)
+            ),
+            "Pool: invalid loan"
+        );
+
         ILoan loan = ILoan(addr);
 
         _liquidityAsset.safeApprove(address(loan), loan.principal());

diff --git a/test/Pool.test.ts b/test/Pool.test.ts
@@ -280,6 +280,29 @@ describe("Pool", () => {
           pool.connect(otherAccount).fundLoan(otherAccount.address)
         ).to.be.revertedWith("Pool: caller is not manager");
       });
+
+      it("reverts if pool is not active", async () => {
+        const { pool, otherAccount, poolManager } = await loadFixture(
+          loadPoolFixture
+        );
+
+        expect(await pool.lifeCycleState()).to.equal(0); // initialized
+
+        await expect(
+          pool.connect(poolManager).fundLoan(otherAccount.address)
+        ).to.be.revertedWith("Pool: FunctionInvalidAtThisLifeCycleState");
+      });
+
+      it("reverts if loan address is not recognized", async () => {
+        const { pool, liquidityAsset, otherAccount, poolManager } =
+          await loadFixture(loadPoolFixture);
+
+        expect(await pool.lifeCycleState()).to.equal(0); // initialized
+        await activatePool(pool, poolManager, liquidityAsset);
+
+        await expect(pool.connect(poolManager).fundLoan(otherAccount.address))
+          .to.be.reverted;
+      });
     });
 
     describe("defaultLoan()", () => {

diff --git a/test/libraries/PoolLib.test.ts b/test/libraries/PoolLib.test.ts
@@ -438,45 +438,4 @@ describe("PoolLib", () => {
       ).to.equal(true);
     });
   });
-
-  describe("isPoolLoan()", async () => {
-    it("reverts if not passed an ILoan", async () => {
-      const { poolLibWrapper, serviceConfiguration, caller } =
-        await loadFixture(deployFixture);
-
-      await expect(
-        poolLibWrapper.isPoolLoan(
-          caller.address,
-          serviceConfiguration.address,
-          poolLibWrapper.address
-        )
-      ).to.be.reverted;
-    });
-
-    it("reverts if not passed a service configuration", async () => {
-      const { poolLibWrapper, loan } = await loadFixture(deployFixture);
-
-      await expect(
-        poolLibWrapper.isPoolLoan(
-          loan.address,
-          loan.address,
-          poolLibWrapper.address
-        )
-      ).to.be.reverted;
-    });
-
-    it("returns true if conditions are met", async () => {
-      const { poolLibWrapper, loan, serviceConfiguration } = await loadFixture(
-        deployFixture
-      );
-
-      expect(
-        await poolLibWrapper.isPoolLoan(
-          loan.address,
-          serviceConfiguration.address,
-          poolLibWrapper.address
-        )
-      ).to.equal(true);
-    });
-  });
 });