Borrowing non-approved tokens can bypass trading restrictions
Inch_Module swaps validate that the output token is approved, but Aave, Silo, and Dolomite borrow functions accept any token regardless of whether it is on the strategy's allow-list. A trader can borrow a non-approved token, holding an asset the strategy was never meant to hold.
Description
In the Inch_Module swap functions, the output token is verified to ensure it is approved by the protocol. This validation helps maintain trust that only pre-approved tokens will be traded.
However, the trader can still borrow non-approved tokens, bypassing this restriction. This undermines the assumption that only approved tokens can be used or held by the Strategy contract.
The same gap exists in Silo_Module::silo_borrow and Dolomite_Module::dolomite_openBorrowPosition.
Impact
The expectation that only approved tokens will be used in trading can be violated if a trader borrows and holds non-approved tokens. This weakens the protocol's asset control and may introduce unforeseen risks.
Recommendation
Consider validating that the borrowed tokens in Aave, Silo and Dolomite are also approved tokens.
Resolution
D2: Fixed for Aave and Silo in 1704b31, Dolomite acknowledged.
Cyfrin: Verified.