The EtherCollateral smart contract does not rely on a maxLoanSize to limit the amount of ETH that can be locked for a loan. As a result, a single account can issue a loan that will reach the total minting supply.
Make sure this behaviour is understood and consider introducing and enforcing a cap (maxLoanSize) on the size of the loans allowed to be opened.
- Sigma Prime Audit Synthetix Finding SEC-06
- Data Validation
- Single Account
- Entire ETH -> Loan
- Enforce Cap
- Document Behavior
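
A sketch of the recommended data validation, as an added example that is not the Synthetix EtherCollateral code or part of the audit report. Only maxLoanSize comes from the finding; the contract name, issueLimit, totalIssued, the 150% collateral ratio and the function names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified loan contract. Every name except maxLoanSize is an assumption.
contract CappedEtherLoans {
    address public immutable owner;
    uint256 public immutable issueLimit;   // total amount mintable across all loans (assumed)
    uint256 public maxLoanSize;            // per-loan cap recommended by the finding
    uint256 public totalIssued;            // amount minted so far across all open loans
    uint256 public constant COLLATERAL_RATIO_PCT = 150; // assumed ratio

    event LoanOpened(address indexed account, uint256 collateral, uint256 amount);
    event MaxLoanSizeUpdated(uint256 newCap);

    constructor(uint256 _issueLimit, uint256 _maxLoanSize) {
        // A cap above the issue limit would never bind, so reject it at deployment.
        require(_maxLoanSize > 0 && _maxLoanSize <= _issueLimit, "bad cap");
        owner = msg.sender;
        issueLimit = _issueLimit;
        maxLoanSize = _maxLoanSize;
    }

    // Owner-only setter so the cap can be tuned; the event documents every change on-chain.
    function setMaxLoanSize(uint256 newCap) external {
        require(msg.sender == owner, "not owner");
        require(newCap > 0 && newCap <= issueLimit, "bad cap");
        maxLoanSize = newCap;
        emit MaxLoanSizeUpdated(newCap);
    }

    function openLoan() external payable returns (uint256 amount) {
        // Loan amount derived from the ETH locked as collateral.
        amount = (msg.value * 100) / COLLATERAL_RATIO_PCT;
        require(amount > 0, "no collateral");
        // Without this check, one loan could consume the entire issueLimit.
        require(amount <= maxLoanSize, "loan exceeds maxLoanSize");
        require(totalIssued + amount <= issueLimit, "issue limit reached");
        totalIssued += amount;
        emit LoanOpened(msg.sender, msg.value, amount);
    }
}
```

The cap bounds each individual loan; an account that opens several loans is limited only by issueLimit unless issuance is also tracked per account.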