Part 2
Zaros
PerpetualsDEXFoundrySolidity
70,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Missing Whitelist Mode Enforcement

prashikshit

Summary

The configureSystemParameters function fails to store the isWhitelistMode flag in the contract’s configuration storage. While the flag is validated during configuration (e.g., ensuring whitelist is not address(0) if isWhitelistMode is true), the absence of persistent storage for this flag means the system cannot enforce whitelist checks in critical functions. This oversight renders the whitelist functionality ineffective, as the contract has no record of whether the whitelist mode is active.

Impact

  • Inconsistent Access Control: Whitelist restrictions may not activate even when intended, allowing unauthorized users to bypass restrictions.

  • User Trust Erosion: Users expecting whitelist-based protections may lose confidence in the system’s security.

Vulnerability Details

Code Analysis

In configureSystemParameters, the isWhitelistMode parameter is validated but not stored:

function configureSystemParameters(
// ... other parameters ...
address whitelist,
bool isWhitelistMode
) external onlyOwner {
// Validate whitelist if mode is enabled
if (isWhitelistMode && whitelist == address(0)) {
revert Errors.ZeroInput("whitelist");
}
// Store other parameters but NOT `isWhitelistMode`
PerpsEngineConfiguration.Data storage perpsEngineConfiguration = PerpsEngineConfiguration.load();
perpsEngineConfiguration.whitelist = whitelist;
// ... other storage updates ...
emit LogConfigureWhitelist(whitelist, isWhitelistMode); // Emits event but does not store flag
}

The isWhitelistMode flag is only used transiently for validation and emitted in an event but never saved to PerpsEngineConfiguration.Data. Consequently, functions that should enforce whitelist checks (e.g., trade execution, withdrawals) cannot determine whether to validate against the whitelist.

Exploit Scenario

  1. Owner Configuration: The owner calls configureSystemParameters with isWhitelistMode = true and a valid whitelist address.

  2. Whitelist Bypass: A non-whitelisted user interacts with a function that should require whitelisting (e.g., openPosition).

  3. Result: The contract skips whitelist checks because isWhitelistMode is not stored, allowing unauthorized access.

Proof of Concept (PoC)

Setup: Owner configures isWhitelistMode = true and sets a valid whitelist address.

Expected Behavior: Only whitelisted users can interact with restricted functions.

Actual Behavior: If the code checks only whitelist != address(0) (not the mode), non-whitelisted users may still bypass restrictions if the mode flag isn’t enforced.

Conversely, if the mode is turned off (isWhitelistMode = false), but the whitelist address remains, the system might still enforce whitelisting incorrectly.

Recommendation

Step 1: Update Storage Structure

Add isWhitelistMode to the PerpsEngineConfiguration.Data struct:

struct Data {
// ... existing fields ...
bool isWhitelistMode;
}

Step 2: Store isWhitelistMode

Modify configureSystemParameters to persist the flag:

function configureSystemParameters(
// ... other parameters ...
bool isWhitelistMode
) external onlyOwner {
// ... existing validation ...
PerpsEngineConfiguration.Data storage perpsEngineConfiguration = PerpsEngineConfiguration.load();
perpsEngineConfiguration.whitelist = whitelist;
perpsEngineConfiguration.isWhitelistMode = isWhitelistMode; // Store flag
}

Step 3: Enforce Whitelist in Critical Functions

In functions requiring whitelist checks, add:

function openPosition(...) external {
PerpsEngineConfiguration.Data storage config = PerpsEngineConfiguration.load();
if (config.isWhitelistMode) {
require(config.whitelist.isWhitelisted(msg.sender), "Not whitelisted");
}
// ......
}

Step 4: Additional Safeguards

  • Input Validation: Ensure isWhitelistMode cannot be set to true without a valid whitelist address.

  • Testing: Add unit/integration tests to verify whitelist enforcement when the flag is active.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.