`removeWhitelistStatus` function Ignores updating `milestoneSeason` variable
Summary
The issue in the LibWhitelistedTokens:removeWhitelistStatus function is that it removes the Whitelist status of a token without considering the impact on other related variables, such as the milestoneSeason variable.
Vulnerability Details
milestoneSeason Is used in many functions for checking whether a token is whitelisted or not i.e.
If the milestoneSeason variable is not updated or cleared when removing the Whitelist status, it may lead to incorrect behavior in subsequent checks or operations that rely on this variable.
Impact
Removing the Whitelist status of a token without updating related variables can lead to inconsistencies in the data stored in the contract. The milestoneSeason variable, used for checking whitelist status in many functions, may still hold outdated or incorrect information after removing the status, potentially leading to unexpected behavior or vulnerabilities.
Tools Used
Manual Review
Recommendations
To address this issue, ensure that related variables, such as milestoneSeason, are appropriately updated or cleared when removing the Whitelist status of a token. If the milestoneSeason variable is no longer relevant after removing the Whitelist status, it should be updated or cleared to maintain data integrity.
Lead Judging Commences
Dewhitelist milestone season
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.