Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

Whitelist Cannot Be Disabled in configureWhitelist Function in MarketMakingEngineConfigurationBranch

Summary

The configureWhitelist function is used to enable or disable a whitelist mechanism by setting a whitelist address and a boolean flag (isWhitelistMode).

However, the function does not correctly handle disabling the whitelist:

  • When isWhitelistMode is set to false, the function does not reset or remove the whitelist address.

  • This means that once a whitelist is set, it cannot be disabled because the whitelist address remains active.

Vulnerability Details

function configureWhitelist(address whitelist, bool isWhitelistMode) external onlyOwner {
    // if whitelist mode is enabled, must have valid address
    if (isWhitelistMode && whitelist == address(0)) {
        revert Errors.ZeroInput("whitelist");
    }
    // set the whitelist address
    MarketMakingEngineConfiguration.load().whitelist = whitelist;
    // emit the LogConfigureWhitelist event
    emit LogConfigureWhitelist(whitelist, isWhitelistMode);
}

The function only enforces a valid address when enabling the whitelist but does not clear it when disabling.

  • Expected behavior: If isWhitelistMode == false, the whitelist address should be reset to address(0).

  • Current behavior: The whitelist remains stored even after attempting to disable it.

Impact

If a whitelist is enabled once, it cannot be disabled.

Tools Used

Manual Review

Recommendations

Modify configureWhitelist to Allow Disabling Whitelist

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
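
A quick way to check what the quoted configureWhitelist stores for each input combination, added here as an example (it is not code from the submission or from the Zaros repository). WhitelistConfigModel, storedWhitelist and WhitelistConfigCheck are hypothetical names, the onlyOwner restriction is omitted, and how the rest of the protocol interprets a zero whitelist address is not shown on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Stand-alone model of the configureWhitelist logic quoted in the submission.
// Assumption: the real contract keeps the value in MarketMakingEngineConfiguration
// storage; here it is a plain state variable so the behaviour can be observed.
contract WhitelistConfigModel {
    error ZeroInput(string parameter);
    event LogConfigureWhitelist(address whitelist, bool isWhitelistMode);

    address public storedWhitelist;

    function configureWhitelist(address whitelist, bool isWhitelistMode) external {
        // same guard as the quoted function: only enforced when enabling
        if (isWhitelistMode && whitelist == address(0)) {
            revert ZeroInput("whitelist");
        }
        storedWhitelist = whitelist;
        emit LogConfigureWhitelist(whitelist, isWhitelistMode);
    }
}

// Hypothetical checker: run() reverts if any observation differs from the comments.
contract WhitelistConfigCheck {
    function run() external returns (bool) {
        WhitelistConfigModel model = new WhitelistConfigModel();
        address sample = address(0xBEEF); // constructed sample address

        // flag true + non-zero address: the address is stored
        model.configureWhitelist(sample, true);
        require(model.storedWhitelist() == sample, "enable did not store");

        // flag true + address(0): reverts, storage is unchanged
        try model.configureWhitelist(address(0), true) {
            revert("expected ZeroInput");
        } catch {}
        require(model.storedWhitelist() == sample, "storage changed on revert");

        // flag false + non-zero address: the address passed in is stored as given
        model.configureWhitelist(sample, false);
        require(model.storedWhitelist() == sample, "unexpected clear");

        // flag false + address(0): the guard is skipped and zero is stored
        model.configureWhitelist(address(0), false);
        require(model.storedWhitelist() == address(0), "zero not stored");
        return true;
    }
}
```

The function writes whatever address the caller passes, so the stored value depends on the address argument rather than on the flag.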
