Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

After deploy ProxyFactory contract, the `whitelistedTokens` mapping can't be modified

rotcivegaf

Summary

The contract ProxyFactory have a mapping of tokens supported by the protocol
In this mapping, the tokens state cannot be change

Vulnerability Details

The contract ProxyFactory can't integrate/remove tokens this limits the contract to only use the tokens allowed in the constructor and it does not allow to disable tokens that do not want to use anymore for some reason(broken stable token like LUNA)

Impact

The protocol can't integrate/remove tokens

Recommendations

Add a onlyOwner function to permit change the state of the token inside the mapping:

event SetTokenWhitelistState(address indexed _whitelistedToken, bool _state);

function setTokenWhitelistState(address _whitelistedToken, bool _state) external onlyOwner {

whitelistedTokens[_whitelistedToken] = _state;

emit SetTokenWhitelistState(_whitelistedToken, _state);

}

Keep in mind that if a token is removed, it could have proxies with tokens and they will be locked in the contract. Only the owner of the contract ProxyFactory will be able to add the token, distribute them and remove the token

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.