Redundant Currency Manager Update in setCurrencyManager Function
Summary
The setCurrencyManager function allows an administrator to update the contract's currencyManager address. However, there is no check to ensure that the newCurrencyManager address is different from the current currencyManager address. This could lead to unnecessary updates without actually changing the currencyManager.
Vulnerability Details
The setCurrencyManager function currently performs only one check: it ensures that the newCurrencyManager is not set to the zero address. However, it does not check if newCurrencyManager is already equal to the existing currencyManager address. This could lead to accidental or redundant updates that do not modify the contract state but still consume gas and can create misleading audit logs or administrative records.
Impact
The vulnerability is considered Low because it does not pose a significant security risk, but it could lead to gas wastage and create unnecessary updates. Additionally, it could clutter the contract's transaction history with redundant state changes that provide no real benefit.
Tools Used
None
Recommendations
Add a check to ensure that newCurrencyManager is different from the existing currencyManager address. Update the setCurrencyManager function as follows:
This change will ensure that the currencyManager address is only updated when a new address is actually provided.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.