Submission Details
Severity:
updateStrategyRewards() is broken as it uses rebaseController address for verifying strategy
Summary
updateStrategyRewards() is broken as it uses rebaseController address for verifying strategy
Vulnerability Details
updateStrategyRewards() checks if the strategy exists or not by calling _strategyExists(), but the problem is, it passes rebaseController address in place of strategy address
function updateStrategyRewards(uint256[] memory _strategyIdxs, bytes memory _data) external {
-> if (msg.sender != rebaseController && !_strategyExists(msg.sender))
revert SenderNotAuthorized();
_updateStrategyRewards(_strategyIdxs, _data);
}
Impact
updateStrategyRewards() will revert
Tools Used
VS code
Recommendations
Use strategy address instead of rebaseController address
Prize pool breakdown
Total prize
50,000 USDC
nSLOC
2,53020 USDC / LOC
42,000 USDC
4,250 USDC
3,750 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.