Project
One World
NFTDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

The `owpWallet` (or `PLATFORM_TREASURY`) address in the `MembershipFactory` contract cannot be updated

chainnue

Summary

The owpWallet (or PLATFORM_TREASURY) address in the MembershipFactory contract cannot be updated because there is no update function provided.

Vulnerability Details

The MembershipFactory variable is defined as follows:

File: MembershipFactory.sol
16: string public baseURI;
17: ICurrencyManager public currencyManager;
18: address public membershipImplementation;
19: ProxyAdmin public proxyAdmin;
20: address public owpWallet;

Since owpWallet is neither a constant nor an immutable variable, it appears intended to support updates to the address if needed. Other variables in the contract have setter functions (setBaseURI, setCurrencyManager, updateMembershipImplementation) that allow updating their values, but owpWallet does not.

Impact

Without an update function, owpWallet cannot be changed if a new address is needed.

Tools Used

Manual analysis

Recommendations

Add a setOwpWallet function to allow updating the owpWallet address when needed.

Updates

Lead Judging Commences

0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Appeal created

chainnue Submitter
10 months ago
0xbrivan2 Lead Judge
10 months ago
0xbrivan2 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.