The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

The `liquidator` and `protocol` variable represent the same address, both addresses should be changed at the same time

auditism

Summary

In the SmartVaultManagerV5 the liquidator and protocol represent the same address, so when changed should be changed together.

Vulnerability Details

Since both the liquidator and protocol are the same address, the LiquidationPoolManager, when one is changed through:

https://github.com/Cyfrin/2023-12-the-standard/blob/91132936cb09ef9bf82f38ab1106346e2ad60f91/contracts/SmartVaultManagerV5.sol#L131-L137

function setProtocolAddress(address _protocol) external onlyOwner() {
protocol = _protocol;
}
function setLiquidatorAddress(address _liquidator) external onlyOwner() {
liquidator = _liquidator;
}

The other address should also be changed

Impact

If only one address is changed but not the other it could lead to some issue down the line, with reverting liquidations or fees going to the wrong address.

Tools Used

Manual review

Recommendations

Group these two functions into one that changes both addresses at once.

function setProtocolAndLiquidatorAddress(address _protocol) external onlyOwner() {
protocol = _protocol;
liquidator = _protocol;
}
Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.