Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Incorrect Stability Pool Address Update

adepoju2006

Summary

In the LendingPool.sol (function setStabilityPool) Owner can mistakenly set an incorrect stability pool address, leading to system failure or vulnerabilities.

Vulnerability Details

The setStabilityPool() function allows the contract owner to update the Stability Pool address. However, it lacks validation to ensure that the new address is actually a valid Stability Pool contract. This introduces a misconfiguration risk, where the owner could mistakenly set an incorrect but technically valid Ethereum address, leading to potential loss of funds or disruption of protocol operations.

Affected Function

function setStabilityPool(address newStabilityPool) external onlyOwner {
if (newStabilityPool == address(0)) revert AddressCannotBeZero();
if (newStabilityPool == stabilityPool) revert SameAddressNotAllowed();
address oldStabilityPool = stabilityPool;
stabilityPool = newStabilityPool;
emit StabilityPoolUpdated(oldStabilityPool, newStabilityPool);
}

Issue Explanation

  • The function ensures that the new Stability Pool address is not zero and not the same as the current address, but it does not verify whether the new address is actually a valid Stability Pool contract.

  • If the owner mistakenly inputs a valid Ethereum address that does not belong to a proper Stability Pool contract (e.g., a random user wallet or an unrelated smart contract), the system may fail to function correctly.

  • If stability-related funds are meant to be sent to the Stability Pool, they might be lost or locked in an incorrect contract.

Impact

  • Loss of Funds: If the Stability Pool is incorrectly set to an arbitrary address, protocol interactions may send assets to an unintended recipient, resulting in permanent loss.

  • Protocol Disruption: If the system relies on the Stability Pool for key operations (e.g., liquidation handling or collateral stabilization), setting an invalid address could cause critical failures.

  • Increased Governance Risk

Tools Used

Manuel Review

Recommendations

  1. Before updating stabilityPool, verify that the new address is a smart contract.

Implementation

Use OpenZeppelin’s Address.isContract() function:

import "@openzeppelin/contracts/utils/Address.sol";
function setStabilityPool(address newStabilityPool) external onlyOwner {
if (newStabilityPool == address(0)) revert AddressCannotBeZero();
if (newStabilityPool == stabilityPool) revert SameAddressNotAllowed();
if (!Address.isContract(newStabilityPool)) revert InvalidContractAddress(); // New check
address oldStabilityPool = stabilityPool;
stabilityPool = newStabilityPool;
emit StabilityPoolUpdated(oldStabilityPool, newStabilityPool);
}

Why is this important?

✅ Prevents assigning an invalid wallet address as a Stability Pool, which would cause system failures.
✅ Ensures the new Stability Pool contains executable logic rather than being an empty address.

Issue

Even if the new address is a contract, it might not be a valid Stability Pool contract. It could be an unrelated contract, leading to unexpected behavior.

Fix

2.Before updating the Stability Pool address, check if it supports the required functions.

Implementation

Define an interface for the Stability Pool and verify its existence before setting the address.

interface IStabilityPool {
function isStabilityPool() external view returns (bool);
}
function setStabilityPool(address newStabilityPool) external onlyOwner {
if (newStabilityPool == address(0)) revert AddressCannotBeZero();
if (newStabilityPool == stabilityPool) revert SameAddressNotAllowed();
if (!Address.isContract(newStabilityPool)) revert InvalidContractAddress();
// Check if the new Stability Pool implements the expected interface
try IStabilityPool(newStabilityPool).isStabilityPool() returns (bool valid) {
if (!valid) revert InvalidStabilityPoolContract();
} catch {
revert InvalidStabilityPoolContract();
}
address oldStabilityPool = stabilityPool;
stabilityPool = newStabilityPool;
emit StabilityPoolUpdated(oldStabilityPool, newStabilityPool);
}

Why is this important?

✅ Ensures that the new contract implements the required functions before assigning it.
✅ Prevents assigning a random contract that doesn’t function as a Stability Pool.

3.Add Address Validation:

  • Implement a check to ensure the new address is a valid contract (e.g., by checking the bytecode size or calling a known function on the contract).

require(newStabilityPool.code.length > 0, "Invalid contract address");

4.Use a Multi-Signature Wallet:

  • Require multiple parties to approve the address change to reduce the risk of mistakes.

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!