Submission Details
Severity:
Incorrect return value in `Laundrette::configureDependencies` function, causing MoneyShelf Module is not returned as dependencies of Laundrette Policy
Description
In function Laundrette::configureDependencies, dependencies[0] = toKeycode("WEAPN"); seems to be a typo, which should be dependencies[1] = toKeycode("WEAPN");. In its current setup, only WeaponShelf is returned as dependency of Laundrette but not MoneyShelf.
Impact
When activating Policy, moduleDependents and getDependentIndex is not updated correctly. And when deactivating Policy, dependecy of MoneyShelf is not pruned correctly. _reconfigurePolicies can not work properly, because MoneyShelf is not included in moduleDependents
Proof of Concept
function test_checkDependecies() public {
Policy p1 = kernel.moduleDependents(weaponShelf.KEYCODE(), 0);
assertEq(address(p1), address(laundrette));
Keycode k = moneyShelf.KEYCODE();
vm.expectRevert();
kernel.moduleDependents(k, 0);
}
Recommendations
function configureDependencies() external override onlyKernel returns (Keycode[] memory dependencies) {
dependencies = new Keycode[](2);
dependencies[0] = toKeycode("MONEY");
moneyShelf = MoneyShelf(getModuleAddress(toKeycode("MONEY")));
-- dependencies[0] = toKeycode("WEAPN");
++ dependencies[1] = toKeycode("WEAPN");
weaponShelf = WeaponShelf(getModuleAddress(toKeycode("WEAPN")));
}
Updates
Lead Judging Commences
n0kto about 1 year ago
Submission Judgement Published Assigned finding tags:
Laundrette incorrect dependencies
Rewards breakdown
nSLOC
205This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.