Closed code423n4 closed 3 years ago
JMukesh
function changeDAO(address newDAO) external onlyDAO { require(newDAO != address(0), "address err"); DAO = newDAO; }
It has no event, so it is difficult to track off-chain newDao changes.
In vader.sol https://github.com/code-423n4/2021-04-vader/blob/main/vader-protocol/contracts/Vader.sol#L193
No tool used
add event for changing dao adress
duplicate of #250
dmvt
commented
3 years ago dmvt
commented
3 years ago
Handle
JMukesh
Vulnerability details
Impact
function changeDAO(address newDAO) external onlyDAO { require(newDAO != address(0), "address err"); DAO = newDAO; }
It has no event, so it is difficult to track off-chain newDao changes.
Proof of Concept
In vader.sol https://github.com/code-423n4/2021-04-vader/blob/main/vader-protocol/contracts/Vader.sol#L193
Tools Used
No tool used
Recommended Mitigation Steps
add event for changing dao adress