Handle
0xRajeev
Vulnerability details
Impact
The default value of curatedPoolLimit allows only one curated pool at any time. This can be changed with setParams(), but the DAO does not have this functionality.
This will affect the scalability of the protocol and significantly limit the liquidity pool value proposition.
Proof of Concept
https://github.com/code-423n4/2021-04-vader/blob/3041f20c920821b89d01f652867d5207d18c8703/vader-protocol/contracts/Router.sol#L85
https://github.com/code-423n4/2021-04-vader/blob/3041f20c920821b89d01f652867d5207d18c8703/vader-protocol/contracts/Router.sol#L96
https://github.com/code-423n4/2021-04-vader/blob/3041f20c920821b89d01f652867d5207d18c8703/vader-protocol/contracts/Router.sol#L227
Tools Used
Manual Analysis
Recommended Mitigation Steps
Change curatedPoolLimit to a higher value on L85.