Submission Details
Severity:
Consider implementing two-step procedure for updating protocol addresses
Summary
[L-2] Consider implementing two-step procedure for updating protocol addresses
A copy-paste error or a typo may end up bricking protocol functionality, or sending tokens to an address with no known private key. Consider implementing a two-step procedure for updating protocol addresses, where the recipient is set as pending, and must 'accept' the assignment by making an affirmative call. A straight forward way of doing this would be to have the target contracts implement EIP-165, and to have the 'set' functions ensure that the recipient is of the right interface type.
file: /contracts/strategy/gmx/GMXVault.sol
585 function updateSwapRouter(address swapRouter) external onlyOwner {
_store.swapRouter = ISwap(swapRouter);
emit SwapRouterUpdated(swapRouter);
588 }
file: /contracts/strategy/gmx/GMXVault.sol
575 function updateTreasury(address treasury) external onlyOwner {
_store.treasury = treasury;
emit TreasuryUpdated(treasury);
578 }
Prize pool breakdown
Total prize
35,000 USDC
nSLOC
2,28915 USDC / LOC
33,000 USDC
2,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.