Submission Details
Severity:
`SmartVaultV3::manager` manager is being set in constructor can lead to contract being locked
Summary
The SmartVaultV3::manager manager is being set in constructor parameter variable that can be a wrong address.
Vulnerability Details
constructor(bytes32 _native, address _manager, address _owner, address _euros, address _priceCalculator) {
NATIVE = _native;
owner = _owner;
@> manager = _manager;
EUROs = IEUROs(_euros);
calculator = IPriceCalculator(_priceCalculator);
}
if the manager is a wrong address you can not set new owners and functions that have only owner will be accessed
Impact
contract and some admin functions can get locked
Tools Used
manual
Recommendations
The manager should be set using msg.sender in SmartVaultV3::manager constructor.
Use the set owner in line 226 for new owner.
+ manager = msg.sender
- owner = _owner
+ constructor(bytes32 _native, address _euros, address _priceCalculator) {
- constructor(bytes32 _native, address _manager, address _owner, address _euros, address _priceCalculator) {
Updates
Lead Judging Commences
hrishibhat almost 2 years ago
Submission Judgement Published Reason: Too generic
Assigned finding tags:
informational/invalid
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
60933 USDC / LOC
17,500 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.