lucas-manuel
commented
3 years ago Acknowledged, won't implement, informational
Open code423n4 opened 3 years ago
lucas-manuel
commented
3 years ago Acknowledged, won't implement, informational
Arachnid
commented
3 years ago Agree with sponsor's assessment as to severity, but this should still be fixed.
lucas-manuel
commented
3 years ago Going to keep as is, want to minimize diff
Handle
gpersoon
Vulnerability details
Impact
The some constants are defined in different files. This has that if it is changed in one place it is forgotten to change at the other place.
Proof of Concept
MapleGlobals.sol: 0 = COLLATERAL_LOCKER_FACTORY MapleGlobals.sol: 1 = DEBT_LOCKER_FACTORY MapleGlobals.sol: 2 = FUNDING_LOCKER_FACTORY MapleGlobals.sol: 3 = LIQUIDUITY_LOCKER_FACTORY MapleGlobals.sol: 4 = STAKE_LOCKER_FACTORY
LoanFactory.sol: uint8 public constant CL_FACTORY = 0; // Factory type of
CollateralLockerFactoryPool.sol: uint8 public constant DL_FACTORY = 1; // Factory type ofDebtLockerFactoryLoanFactory.sol: uint8 public constant FL_FACTORY = 2; // Factory type ofFundingLockerFactoryPoolFactory.sol: uint8 public constant LL_FACTORY = 3; // Factory type ofLiquidityLockerFactoryPoolFactory.sol: uint8 public constant SL_FACTORY = 4; // Factory type ofStakeLockerFactoryCollateralLockerFactory.sol: uint8 public constant factoryType = 0; // i.e FactoryType::COLLATERAL_LOCKER_FACTORY DebtLockerFactory.sol: uint8 public constant factoryType = 1; // i.e LockerFactoryTypes::DEBT_LOCKER_FACTORY FundingLockerFactory.sol: uint8 public constant factoryType = 2; // i.e FactoryType::FUNDING_LOCKER_FACTORY LiquidityLockerFactory.sol: uint8 public constant factoryType = 3; // i.e LockerFactoryTypes::LIQUIDITY_LOCKER_FACTORY StakeLockerFactory.sol: uint8 public constant factoryType = 4; // i.e FactoryType::STAKE_LOCKER_FACTORY.
LoanFactory.sol: uint8 public constant INTEREST_CALC_TYPE = 10; // Calc type of
RepaymentCalcLoanFactory.sol: uint8 public constant LATEFEE_CALC_TYPE = 11; // Calc type ofLateFeeCalcLoanFactory.sol: uint8 public constant PREMIUM_CALC_TYPE = 12; // Calc type ofPremiumCalcRepaymentCalc.sol: uint8 public constant calcType = 10; // INTEREST type LateFeeCalc.sol: uint8 public constant calcType = 11; // "LATEFEE type" PremiumCalc.sol: uint8 public constant calcType = 12; // PREMIUM type
Tools Used
grep
Recommended Mitigation Steps
Define constants in one file and include them when needed. Also consider using enums.