code-423n4 / 2021-04-vader-findings


Missing event for critical purgeDAO() function in Vader.sol #165

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

0xRajeev

Vulnerability details

Impact

The purgeDAO() function removes the DAO (sets it to the zero address), which controls all critical protocol parameters. However, this function is missing an event emission that off-chain monitoring tools could use to track this on-chain change.

Proof of Concept

https://github.com/code-423n4/2021-04-vader/blob/3041f20c920821b89d01f652867d5207d18c8703/vader-protocol/contracts/Vader.sol#L197-L200

Tools Used

Manual Analysis

Recommended Mitigation Steps

Add a purgeDAO event and emit it at the end of the purgeDAO() function.
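
A sketch of the mitigation recommended above, added here as an example and not taken from Vader.sol or from the report. The contract name, the `DAOPurged` event, the `onlyDAO` modifier and the constructor are assumptions; only `purgeDAO()` setting the DAO to the zero address comes from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the project's contract. Everything except the
// purgeDAO() name and its "set DAO to the zero address" effect is assumed.
contract DaoPurgeSketch {
    address public DAO;

    // Hypothetical event. It is named differently from the function to avoid
    // an identifier clash inside the contract. Both fields are indexed so a
    // monitor can filter logs by the purged DAO or by the caller.
    event DAOPurged(address indexed previousDAO, address indexed caller);

    // Assumed access control: only the current DAO may call.
    modifier onlyDAO() {
        require(msg.sender == DAO, "Not DAO");
        _;
    }

    constructor(address dao_) {
        require(dao_ != address(0), "Zero DAO");
        DAO = dao_;
    }

    // Before, as the finding describes it: the state changes with no log,
    // so a watcher has to poll the DAO getter to notice.
    //
    //   function purgeDAO() external onlyDAO { DAO = address(0); }

    // After: same state change, plus a log entry recording who was removed
    // and who triggered it. The old value is cached before it is overwritten.
    function purgeDAO() external onlyDAO {
        address previous = DAO;
        DAO = address(0);
        emit DAOPurged(previous, msg.sender);
    }
}
```

With the event in place, an off-chain monitor can subscribe to `DAOPurged` logs on the contract address and alert on the first occurrence, since the purge cannot be repeated once the DAO is the zero address.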

strictly-scarce commented 3 years ago

Duplicate of https://github.com/code-423n4/2021-04-vader-findings/issues/163

dmvt commented 3 years ago

duplicate of #250