The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

No validation to prevent an address from being an EOA

Summary

Important functions do not check that crucial addresses are not set to an EOA.

Vulnerability Details

SmartVaultManagerV5 has important functions such as setWethAddress, setSwapRouter2, setNFTMetadataGenerator, setSmartVaultDeployer, setProtocolAddress, and setLiquidatorAddress, which do not check that the supplied address is a contract address. This can result in an EOA address being set accidentally.

Impact

Setting a wrong address for crucial contract addresses will result in redeploying these addresses and a loss of gas, which can be expensive if the network has high traffic volumes.

Tools Used

Manual code review

Recommendations

The recommendation is to add checks that verify an address belongs to a contract at the time the address is assigned.

function setWethAddress(address _weth) external onlyOwner() {
+ require(_weth.code.length > 0, ‘address cannot be an EOA’);
weth = _weth;
}
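
Review bot: the string literal on the added require line is wrapped in typographic quotes (‘…’), which Solidity does not accept, so the line will not compile as written; use straight quotes. On the same line, `_weth.code.length > 0` only shows that some code exists at the address, not that it is the intended WETH contract, and because the setter is `onlyOwner` and can simply be called again with the right value, the check narrows accidental misconfiguration rather than ruling it out. A short comment above the require stating that limit would help.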

The same recommendation applies to the functions setSwapRouter2, setNFTMetadataGenerator, setSmartVaultDeployer, setProtocolAddress, and setLiquidatorAddress of the SmartVaultManagerV5 contract.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
Assigned finding tags:

informational/invalid
