Circular dependency issue between `RAACMinter` and `RAACToken` contract
Details
Circular dependency in solidity occurs when two or more contracts reference each other in a way that creates a loop.
The RAACMinter contract calls different functions in the RAACToken contract which has onlyOwner access contol limitation. The issue is that the onlyOwner in initialized in the constructor, and also not possible to make the RAACMinter contract the owner of the contract as it also initializes the address of RAACToken in its constructor. It is howeever possible that upon initializing the RAACToken with an admin address that ownership is transfered to RAACMinter. In a situation where ownership is transfered to RAACMinter contract it will be impossible for a function like RAACMinter::manageWhitelist to be called, as RAACMinter fails to implement the use of this function.
This function calls to RAACToken includes:
Impact
Lack of control over whitelist management
Tool Used
Manual review
Recommendation
Modify the access control type that RAACMinter inherits from RAACToken to onlyMinter.
Lead Judging Commences
RAACMinter lacks critical ownership transfer functionality and parameter management after receiving RAACToken ownership, causing permanent protocol rigidity
RAACMinter lacks critical ownership transfer functionality and parameter management after receiving RAACToken ownership, causing permanent protocol rigidity
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.