Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

Whitelist Cannot Be Disabled in configureWhitelist Function in MarketMakingEngineConfigurationBranch

Summary

The configureWhitelist function is used to enable or disable a whitelist mechanism by setting a whitelist address and a boolean flag (isWhitelistMode).

However, the function does not correctly handle disabling the whitelist:

  • When isWhitelistMode is set to false, the function does not reset or remove the whitelist address.

  • This means that once a whitelist is set, it cannot be disabled because the whitelist address remains active.

Vulnerability Details

function configureWhitelist(address whitelist, bool isWhitelistMode) external onlyOwner {
    // if whitelist mode is enabled, must have valid address
    if (isWhitelistMode && whitelist == address(0)) {
        revert Errors.ZeroInput("whitelist");
    }
    // set the whitelist address
    MarketMakingEngineConfiguration.load().whitelist = whitelist;
    // emit the LogConfigureWhitelist event
    emit LogConfigureWhitelist(whitelist, isWhitelistMode);
}

The function only enforces a valid address when enabling the whitelist but does not clear it when disabling.

  • Expected behavior: If isWhitelistMode == false, the whitelist address should be reset to address(0).

  • Current behavior: The whitelist remains stored even after attempting to disable it.

Impact

If a whitelist is enabled once, it cannot be disabled.

Tools Used

Manual Review

Recommendations

Modify configureWhitelist to Allow Disabling Whitelist

Updates

Lead Judging Commences

inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
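
The call patterns of the configureWhitelist function quoted in the submission, as an added example that is not part of the submission or the Zaros code base. WhitelistModel, its plain storage variable, the configureWhitelistStrict variant and the WhitelistModelCheck harness are hypothetical names; access control is omitted, and how the rest of the protocol reads the stored address is not shown on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: standalone model of the quoted configureWhitelist logic.
// The real contract stores the address via MarketMakingEngineConfiguration.load().
contract WhitelistModel {
    error ZeroInput(string parameter);
    event LogConfigureWhitelist(address whitelist, bool isWhitelistMode);
    address public whitelist;

    // Same control flow as the quoted function (onlyOwner omitted in this model).
    function configureWhitelist(address newWhitelist, bool isWhitelistMode) external {
        if (isWhitelistMode && newWhitelist == address(0)) revert ZeroInput("whitelist");
        whitelist = newWhitelist;
        emit LogConfigureWhitelist(newWhitelist, isWhitelistMode);
    }

    // Hypothetical variant: disabling always clears the stored address,
    // which is the "expected behavior" the submission describes.
    function configureWhitelistStrict(address newWhitelist, bool isWhitelistMode) external {
        if (isWhitelistMode && newWhitelist == address(0)) revert ZeroInput("whitelist");
        address stored = isWhitelistMode ? newWhitelist : address(0);
        whitelist = stored;
        emit LogConfigureWhitelist(stored, isWhitelistMode);
    }
}

// Self-check harness: run() walks through each flag/address combination.
contract WhitelistModelCheck {
    function run() external returns (bool) {
        WhitelistModel m = new WhitelistModel();
        address wl = address(0xBEEF); // constructed sample address

        m.configureWhitelist(wl, true);
        assert(m.whitelist() == wl);
        // flag false with a non-zero address: the address stays stored
        m.configureWhitelist(wl, false);
        assert(m.whitelist() == wl);
        // flag false with the zero address: no revert, stored address becomes zero
        m.configureWhitelist(address(0), false);
        assert(m.whitelist() == address(0));
        // flag true with the zero address: the only combination that reverts
        try m.configureWhitelist(address(0), true) { assert(false); } catch {}
        // strict variant: a non-zero address passed with flag false is discarded
        m.configureWhitelistStrict(wl, true);
        m.configureWhitelistStrict(wl, false);
        assert(m.whitelist() == address(0));
        return true;
    }
}
```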
