The LibWhitelist:dewhitelistToken function does not delete the token's settings entries that were set during the whitelistToken process. This omission could lead to unintended consequences and potential vulnerabilities.
In the whitelistToken function, the following entries are set for a token:
These settings are essential for the token's behavior within the system. However, when a token is removed from the whitelist using the dewhitelistToken function, these entries are not deleted. This oversight means that stale data remains in the contract, which could lead to several issues. For example, milestoneSeason is used in several crucial places, and whether a token is whitelisted is judged through it. Despite being dewhitelisted, a token will still be considered whitelisted.
The impact of this issue can vary depending on the system's reliance on the token settings. Functions that reference token settings might operate incorrectly or inefficiently, potentially leading to operational failures.
Manual Review
To address this issue, it is recommended to modify the dewhitelistToken function to ensure it properly deletes the token settings entries set during the whitelistToken process.
Invalid as per docs https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity