gearbox-contracts
allowToken adds token to the allowedToken list one more time if it was forbidden before
Problem
CreditFilter.sol has two functions that allow / forbid tokens in allowedTokenList. When the DAO forbids a token, it sets the mapping value for that address to false:
/// @dev Forbid token. To allow token one more time use allowToken function
/// @param token Address of forbidden token
function forbidToken(address token)
    external
    configuratorOnly // T:[CF-1]
{
    _allowedTokensMap[token] = false; // T: [CF-35, 36]
}
Then, if the DAO decides to enable such a token again, it should call the function allowToken(address token, uint256 liquidationThreshold). This method has a part that can add the token twice:
// we add allowed tokens to array if it wasn't added before
// T:[CF-6] controls that
if (!_allowedTokensMap[token]) {
    _allowedTokensMap[token] = true; // T:[CF-4]
    tokenMasksMap[token] = 1 << allowedTokens.length; // T:[CF-4]
    allowedTokens.push(token); // T:[CF-4]
}
As a result, the same token is added to allowedTokens twice, which makes the computation of totalValue and the health factor wrong.
Solution
Change this block of code to a loop that goes through all tokens in the allowedTokens array and checks whether the token was already added. If it was not, this block of code should be executed:
tokenMasksMap[token] = 1 << allowedTokens.length; // T:[CF-4]
allowedTokens.push(token); // T:[CF-4]
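The Solution above written out as a contract sketch. This is an added example, not the project's CreditFilter code: the contract name AllowedTokensSketch and the helpers _isListed, allowedTokensCount and isTokenAllowed are hypothetical, and the configuratorOnly access control and liquidationThreshold handling are left out to isolate the list logic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added sketch, not the project's CreditFilter.
/// Assumptions: access control (configuratorOnly) and liquidationThreshold
/// handling are omitted; helper names are hypothetical.
contract AllowedTokensSketch {
    mapping(address => bool) internal _allowedTokensMap;
    mapping(address => uint256) public tokenMasksMap;
    address[] public allowedTokens;

    /// Same behaviour as on the page: only the flag is cleared,
    /// the token keeps its slot in allowedTokens and its mask.
    function forbidToken(address token) external {
        _allowedTokensMap[token] = false;
    }

    /// Membership in the array, not the boolean flag, decides whether
    /// a new slot and a new mask are assigned.
    function allowToken(address token) external {
        if (!_isListed(token)) {
            tokenMasksMap[token] = uint256(1) << allowedTokens.length;
            allowedTokens.push(token);
        }
        // Allowing a forbidden token again only flips the flag back.
        _allowedTokensMap[token] = true;
    }

    /// Linear scan proposed in the issue; cost grows with the list length.
    function _isListed(address token) internal view returns (bool) {
        uint256 len = allowedTokens.length;
        for (uint256 i = 0; i < len; i++) {
            if (allowedTokens[i] == token) return true;
        }
        return false;
    }

    function allowedTokensCount() external view returns (uint256) {
        return allowedTokens.length;
    }

    function isTokenAllowed(address token) external view returns (bool) {
        return _allowedTokensMap[token];
    }
}
```

With this version, the sequence allowToken(t), forbidToken(t), allowToken(t) leaves allowedTokensCount() at 1 and tokenMasksMap[t] unchanged, whereas the original flag-based check would push t a second time and overwrite its mask.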