Platform: Code4rena
Start Date: 31/01/2023
Pot Size: $90,500 USDC
Total HM: 47
Participants: 169
Period: 7 days
Judge: LSDan
Total Solo HM: 9
Id: 211
League: ETH
Rank: 67/169
Findings: 1
Award: $122.61
🌟 Selected for report: 0
🚀 Solo Findings: 0
122.6059 USDC - $122.61
The function _verifyCreatorOrOwner(address vault) internal returns (VaultMetadata memory metadata) {} is used to verify that the caller is either the creator of the vault or the owner of VaultController (admin rights). However, the if statement mistakenly uses || instead of &&, so the verification always reverts.
These functions listed below were affected.
function addStakingRewardsTokens(address[] memory vaults, bytes[] memory rewardTokenData) public {}
function pauseAdapters(address[] calldata vaults) external {}
function pauseVaults(address[] calldata vaults) external {}
function unpauseAdapters(address[] calldata vaults) external {}
function unpauseVaults(address[] calldata vaults) external {}
If msg.sender is the creator, the if statement is true (0 || 1 = 1) and the verification reverts. If msg.sender is the owner, the if statement is true (1 || 0 = 1) and the verification reverts. If msg.sender is a random address, the if statement is true (1 || 1 = 1) and the verification reverts.
Manual review.
Change the if statement to the following code.
if(msg.sender != metadata.creator && msg.sender != owner) revert NotSubmitterNorOwner(msg.sender);
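The reported check next to the recommended one, as an added illustration that is not part of the original submission or the project's code; the VaultMetadata layout, the metadataOf mapping and the registerVault helper are assumptions made only so the two functions can be exercised side by side:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration (not the project's code). VaultMetadata,
// NotSubmitterNorOwner, creator and owner follow the finding; the
// struct layout, metadataOf and registerVault are assumptions.
contract VaultControllerCheckDemo {
    struct VaultMetadata {
        address creator;
        // remaining fields of the real struct omitted
    }

    error NotSubmitterNorOwner(address caller);

    address public owner;
    mapping(address => VaultMetadata) internal metadataOf;

    constructor() {
        owner = msg.sender;
    }

    // Test helper (assumption): record a creator for a vault address.
    function registerVault(address vault, address creator) external {
        metadataOf[vault] = VaultMetadata({creator: creator});
    }

    // Buggy form as reported: OR-ing the two inequalities makes the
    // condition true for the creator (not owner), the owner (not creator)
    // and any other address. The only caller that passes is one that is
    // simultaneously creator and owner, i.e. creator == owner == msg.sender.
    function verifyCreatorOrOwnerBuggy(address vault) external view returns (VaultMetadata memory metadata) {
        metadata = metadataOf[vault];
        if (msg.sender != metadata.creator || msg.sender != owner) revert NotSubmitterNorOwner(msg.sender);
    }

    // Fixed form from the recommendation: revert only when the caller is
    // neither the creator nor the owner.
    function verifyCreatorOrOwnerFixed(address vault) external view returns (VaultMetadata memory metadata) {
        metadata = metadataOf[vault];
        if (msg.sender != metadata.creator && msg.sender != owner) revert NotSubmitterNorOwner(msg.sender);
    }
}
```

Calling verifyCreatorOrOwnerBuggy from the registered creator and from the deployer both revert, while verifyCreatorOrOwnerFixed accepts both and rejects any third address.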
#0 - c4-judge
2023-02-16T07:24:42Z
dmvt marked the issue as duplicate of #45
#1 - c4-sponsor
2023-02-18T12:08:30Z
RedVeil marked the issue as sponsor confirmed
#2 - c4-judge
2023-02-23T00:17:37Z
dmvt marked the issue as satisfactory
#3 - c4-judge
2023-02-23T01:06:57Z
dmvt changed the severity to 3 (High Risk)