A vulnerability in the UpdateWeightRunner.sol contract allows any user to trigger an update for a pool they do not own. This can lead to unauthorized updates, disrupting the pool's intended operation.
The performUpdate function in the contract allows any user to trigger an update for a pool, regardless of ownership. The function does not include any checks to verify if the caller is authorized to perform the update. This can lead to unauthorized updates, which can disrupt the pool's intended operation and lead to financial losses.
PoC:
Using the following values:
block.timestamp: 1,000,000
settings.timingSettings.lastPoolUpdateRun: 900,000
settings.timingSettings.updateInterval: 100,000
approvedPoolActions[_pool]: 1 (indicating approval)
Any user can call the performUpdate function with the _pool address to trigger an update.
The vulnerability allows any user to trigger an update for any pool, regardless of ownership. This can lead to unauthorized updates, disrupting the pool's intended operation and causing financial losses.
Manual review.
Add a check to verify if the caller is authorized to perform the update. For example, add an onlyOwner modifier or a similar access control mechanism.
Additionally, add a check that will identify the owner of the pool.
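The gating described in the report, next to the recommended caller check, as an added sketch that is not the project's UpdateWeightRunner.sol and not code from the submission. Only performUpdate, _pool, approvedPoolActions, lastPoolUpdateRun and updateInterval come from the report; the contract name, the poolOwner registry, registerPool, the bit constant, the errors and the event are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Hypothetical, simplified runner used only to illustrate the report.
contract RunnerSketch {
    struct TimingSettings {
        uint40 lastPoolUpdateRun;
        uint40 updateInterval;
    }

    uint256 internal constant PERFORM_UPDATE_BIT = 1; // assumed meaning of "1 (indicating approval)"

    mapping(address => TimingSettings) public timingSettings;
    mapping(address => uint256) public approvedPoolActions;
    mapping(address => address) public poolOwner; // assumed ownership registry

    error NotPoolOwner(address caller, address pool);
    error PoolAlreadyRegistered(address pool);
    error PoolNotApproved(address pool);
    error UpdateNotDue(uint256 nextRun);
    event PoolUpdated(address indexed pool, address indexed caller);

    // Assumed setup path: the first registrant becomes the pool's owner.
    function registerPool(address _pool, uint40 interval) external {
        if (poolOwner[_pool] != address(0)) revert PoolAlreadyRegistered(_pool);
        poolOwner[_pool] = msg.sender;
        approvedPoolActions[_pool] = PERFORM_UPDATE_BIT;
        timingSettings[_pool] = TimingSettings(uint40(block.timestamp), interval);
    }

    // As the report describes it: only approval and timing gate the call.
    function performUpdate(address _pool) external {
        _runUpdate(_pool);
    }

    // Same gates plus the caller check the recommendation asks for.
    function performUpdateRestricted(address _pool) external {
        if (msg.sender != poolOwner[_pool]) revert NotPoolOwner(msg.sender, _pool);
        _runUpdate(_pool);
    }

    function _runUpdate(address _pool) internal {
        if ((approvedPoolActions[_pool] & PERFORM_UPDATE_BIT) == 0) revert PoolNotApproved(_pool);
        TimingSettings storage t = timingSettings[_pool];
        uint256 nextRun = uint256(t.lastPoolUpdateRun) + t.updateInterval;
        // PoC values: 900,000 + 100,000 <= 1,000,000, so the update is due.
        if (block.timestamp < nextRun) revert UpdateNotDue(nextRun);
        t.lastPoolUpdateRun = uint40(block.timestamp);
        emit PoolUpdated(_pool, msg.sender);
    }
}
```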
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.