DeFiFoundry
20,000 USDC
Submission Details
Severity: low
Invalid

Silent failure in removeAuthorizedSablierSender function

Summary

The removeAuthorizedSablierSender function contains a logical error that can lead to silent failures when attempting to remove an unauthorized Sablier sender address.

Vulnerability Details

The function checks if the address is authorized before attempting to remove it. If the address is not currently authorized (i.e., authorizedSablierSenders[_address] is already false), the function will do nothing and exit silently. This behavior can lead to false assumptions about the function's success and potential confusion in contract management.

function removeAuthorizedSablierSender(address _address) external onlyOwner {
    if (authorizedSablierSenders[_address]) authorizedSablierSenders[_address] = false;
}

https://github.com/Cyfrin/2024-08-fjord/blob/0312fa9dca29fa7ed9fc432fdcd05545b736575d/src/FjordStaking.sol#L361C2-L363C6

For instance:

  • Call removeAuthorizedSablierSender with an address that is not currently authorized

  • Observe that the function completes successfully without making any state changes

Impact

Silent failures in contract management operations. There are potential security risks if an address is assumed to be unauthorized when it isn't.

Tools Used

Manual review

Recommendation

Modify the function to revert if the address is not an authorized Sablier sender.

function removeAuthorizedSablierSender(address _address) external onlyOwner {
    if (!authorizedSablierSenders[_address]) {
        revert("Address is not an authorized Sablier sender");
    }
    authorizedSablierSenders[_address] = false;
}

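
The two behaviours side by side, as an added example that is not part of the submission or the Fjord code base. `SenderAllowlist`, `AllowlistCheck`, `authorize`, `removeSilent`, `removeStrict` and `check` are hypothetical names, and the contract is a minimal stand-in that keeps only the mapping and an owner check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for the allowlist logic; not the Fjord contract.
contract SenderAllowlist {
    address public immutable owner;
    mapping(address => bool) public authorizedSablierSenders;

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function authorize(address a) external onlyOwner {
        authorizedSablierSenders[a] = true;
    }

    // Behaviour quoted in the report: a no-op when `a` is not authorized.
    function removeSilent(address a) external onlyOwner {
        if (authorizedSablierSenders[a]) authorizedSablierSenders[a] = false;
    }

    // Behaviour recommended in the report: revert instead of a no-op.
    function removeStrict(address a) external onlyOwner {
        if (!authorizedSablierSenders[a]) {
            revert("Address is not an authorized Sablier sender");
        }
        authorizedSablierSenders[a] = false;
    }
}

// Deploys the allowlist (and so owns it) and exercises both variants.
contract AllowlistCheck {
    SenderAllowlist public immutable list;

    constructor() { list = new SenderAllowlist(); }

    function check(address stranger) external returns (bool silentOk, bool strictReverted) {
        // Never-authorized address: the guarded write is skipped and the call succeeds.
        try list.removeSilent(stranger) { silentOk = true; } catch {}
        // Same input against the strict variant reverts, so the caller sees the mistake.
        try list.removeStrict(stranger) {} catch { strictReverted = true; }
        // Either way the stored flag is false before and after the call.
        assert(!list.authorizedSablierSenders(stranger));
    }
}
```

Calling `check` with any address that was never passed to `authorize` returns `true` for both flags, and the final `assert` confirms the mapping entry is `false` in both paths.
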
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
