Severity => HIGH File => BulletLoans.sol
Address:0x8ddf7021fEA12A277F75414a1BAC32F1586cB5E6
Name: 2_HIGH_PUBLIC_MODIFIER Description: The following function should not be public. A modifier should be added like onlyManager or onlyManagedPortfolio. The function should only be called by specific address.
function createLoan
Failure Points:
Even though no fund will be lost, this will change the
calculations of liquidity without minting.
This can result in changed behavior in liquidValue() + illiquidValue()
If this value is used to provide supply to DEX/CEX,
a hacker can manipulate these values.
STEPS TO RECREATE: Self-explanatory Anyone can call the function