code-423n4 / 2021-04-vader-findings

1 stars 0 forks source link

deploySynth does not prevent token to be VADER or USDV #266

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

paulius.eth

Vulnerability details

Impact

function deploySynth checks that token is not VADER or not USDV. The condition should be && (not ||) as OR condition always holds when VADER != USDV: function deploySynth(address token) external { require(token != VADER || token != USDV); iFACTORY(FACTORY).deploySynth(token); }

Recommended Mitigation Steps

The condition should be &&, not ||.

strictly-scarce commented 3 years ago

https://github.com/code-423n4/2021-04-vader-findings/issues/21

0xBrian commented 3 years ago

https://github.com/vetherasset/vaderprotocol-contracts/pull/159/commits/2f69f8317ce98846fbe227a3bf6ca1b644d01ff2#diff-5de3130299a0ddc914d7a906802a4cc093ed18d7a89c52a4aafefc8a11ac3f54R193

dmvt commented 3 years ago

duplicate of #124