Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC

Submission Details
Severity: medium
Status: Invalid

`BoostController.sol::modifySupportedPool`: add an address check to the function

Summary

Adding an address check to `BoostController.sol::modifySupportedPool` will protect the contract against a malicious actor who has gained MANAGER_ROLE.

Vulnerability Details

function modifySupportedPool(address pool, bool isSupported) external onlyRole(MANAGER_ROLE) {
    if (pool == address(0)) revert InvalidPool();
    if (supportedPools[pool] == isSupported) revert PoolNotSupported();
    supportedPools[pool] = isSupported;
    if (isSupported) {
        emit PoolAdded(pool);
    } else {
        emit PoolRemoved(pool);
    }
}

Impact

An attacker who gains MANAGER_ROLE could register an address with malicious behaviour, such as a self-destructing contract, and pass it off as the address of a pool. That would cause errors later on.

Tools Used

Recommendations

Instead of relying on the onlyRole modifier alone, you can add an additional check.

import "@openzeppelin/contracts/utils/Address.sol";

function modifySupportedPool(address pool, bool isSupported) external onlyRole(MANAGER_ROLE) {
    // Address.isContract exists in OpenZeppelin 4.x; it was removed in v5,
    // where `pool.code.length == 0` is the equivalent check.
    if (!Address.isContract(pool)) revert InvalidPool();
    if (pool == address(0)) revert InvalidPool();
    if (supportedPools[pool] == isSupported) revert PoolNotSupported();
    supportedPools[pool] = isSupported;
    if (isSupported) {
        emit PoolAdded(pool);
    } else {
        emit PoolRemoved(pool);
    }
}
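The following is an added example, not code from the Regnum Aurum project or from the submitter. It shows the recommended contract-existence check in a form that compiles against both OpenZeppelin 4.x and v5 (raw `code.length` instead of the removed `Address.isContract`), adds a cheap interface probe, and applies the validation only when a pool is being added, so that a pool which has since self-destructed can still be removed. `IPool`, its `totalSupply()` function and the `PoolRegistryExample` contract name are assumptions standing in for the real pool interface and controller.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/access/AccessControl.sol";

// Assumed pool interface for this example; the real pool contracts
// may expose a different function to probe.
interface IPool {
    function totalSupply() external view returns (uint256);
}

contract PoolRegistryExample is AccessControl {
    bytes32 public constant MANAGER_ROLE = keccak256("MANAGER_ROLE");

    mapping(address => bool) public supportedPools;

    event PoolAdded(address indexed pool);
    event PoolRemoved(address indexed pool);

    error InvalidPool();
    error PoolNotSupported();

    constructor(address admin) {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(MANAGER_ROLE, admin);
    }

    // True only if `pool` has deployed bytecode AND answers the assumed
    // pool interface with exactly one 32-byte word.
    function _looksLikePool(address pool) internal view returns (bool) {
        // address(0) and every EOA have no code, so this single read covers
        // both the zero-address check and OpenZeppelin 4.x Address.isContract,
        // which was removed in v5.
        if (pool.code.length == 0) return false;

        // An arbitrary contract may not implement the pool interface at all.
        // A staticcall that must return exactly one word rejects reverting
        // calls and empty responses. It is a sanity check, not proof: a
        // contract with a permissive fallback can still answer any selector.
        (bool ok, bytes memory data) =
            pool.staticcall(abi.encodeCall(IPool.totalSupply, ()));
        return ok && data.length == 32;
    }

    function modifySupportedPool(address pool, bool isSupported)
        external
        onlyRole(MANAGER_ROLE)
    {
        // Validate only on addition. A pool that has self-destructed or
        // broken since it was added must remain removable, so no code
        // check is applied on removal.
        if (isSupported && !_looksLikePool(pool)) revert InvalidPool();
        if (supportedPools[pool] == isSupported) revert PoolNotSupported();

        supportedPools[pool] = isSupported;
        if (isSupported) {
            emit PoolAdded(pool);
        } else {
            emit PoolRemoved(pool);
        }
    }
}
```

Two practical notes on this design. First, a code-existence check only proves that something with bytecode sits at the address at registration time; if the project deploys pools from its own factory, restricting registration to addresses that factory created is a stronger guard than any probe. Second, since the Cancun upgrade (EIP-6780) `selfdestruct` no longer removes a contract's code unless it runs in the same transaction that created the contract, which limits the self-destructing-pool scenario described in the Impact section on current mainnet, though not on chains that have not adopted it.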

Updates

Lead Judging Commences

inallhonesty (Lead Judge), 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
