Tall Burgundy Nightingale
High
Lack of blacklist validation in defiSwap function could accidentally allow blacklisted addresses to execute trades if a SWAPPER_ROLE processes their request without checking blacklist status, potentially undermining the blacklist security mechanism.
In AmirX.sol, the defiSwap function only checks if the wallet address is zero but fails to validate against the blacklist status:
Address needs to be blacklisted by blacklister role
SWAPPER_ROLE processes a swap request without manually checking blacklist status
Contract must not be paused
No response
Address gets blacklisted for legitimate reasons
Blacklisted address submits a swap request through normal channels
SWAPPER_ROLE, unaware of blacklist status, processes the request through defiSwap
Transaction succeeds despite blacklist status as there's no automatic check
Blacklisted address successfully executes trades
The effectiveness of the blacklist mechanism is reduced as blacklisted addresses might accidentally have their trades processed.
This creates additional operational burden on SWAPPER_ROLE who must manually check blacklist status, and increases the risk of accidental processing of blacklisted trades.
No response
Add automatic blacklist check in _verifyDefiSwap function:
function _verifyDefiSwap(address wallet, DefiSwap memory defi) internal view {
// Add blacklist check here
require(!Blacklist(stablecoin).blacklisted(wallet), "AmirX: wallet blacklisted");
// existing checks...
}