Summary
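If some functions may only be called by specific users, consider using a modifier instead of repeating an inline check (a require statement or, as in the excerpts below, an `if (...) revert`) in each function, especially when the same check is done in multiple functions. Keeping the caller check in one modifier makes the access-control rule visible in the function signature, easier to audit, and harder to omit when a new restricted function is added. Checks that depend on a function argument, such as the `_tokenId` and `_lockId` ownership checks below, would need a modifier that takes that argument.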
Vulnerability details
RESDLTokenBridge.sol ( #L91, #L116-L119 ):
if (msg.sender != sdlPool.ownerOf(_tokenId)) revert SenderNotAuthorized();
if (fees < msg.value) {
(bool success, ) = msg.sender.call{value: msg.value - fees}("");
if (!success) revert TransferFailed();
}
RewardsInitiator.sol ( #L39 ):
if (!whitelistedCallers[msg.sender]) revert SenderNotAuthorized();
SDLPool.sol ( #L208, #L249, #L268, #L295-L296 ):
if (!whitelistedCallers[msg.sender]) revert SenderNotAuthorized();
if (!_isApprovedOrOwner(msg.sender, _lockId)) revert SenderNotAuthorized();
if (msg.sender != owner && !isApprovedForAll(owner, msg.sender)) revert SenderNotAuthorized();
address owner = msg.sender;
if (owner == _operator) revert ApprovalToCaller();
SDLPoolPrimary.sol ( #L66, #L269 ):
if (msg.sender != address(sdlToken) && !isTokenSupported(msg.sender)) revert UnauthorizedToken();
if (msg.sender != delegatorPool) revert SenderNotAuthorized();
SDLPoolSecondary.sol ( #L137 ):
if (msg.sender != address(sdlToken) && !isTokenSupported(msg.sender)) revert UnauthorizedToken();
WrappedTokenBridge.sol ( #L88 ):
if (msg.sender != address(token)) revert InvalidSender();
Tools Used
Manual Analysis