The Gov.tokenInit skips the underlying token check if the _token is SHERX:
if (address(_token) != address(this)) {
require(_lock.underlying() == _token, 'UNDERLYING');
}
Impact
This check should still be performed even for _token == address(this) // SHERX, otherwise, the lock can have a different underlying and potentially pay out wrong tokens.
Evert0x
commented
3 years ago
Handle
cmichel
Vulnerability details
The
Gov.tokenInitskips the underlying token check if the_tokenis SHERX:Impact
This check should still be performed even for
_token == address(this) // SHERX, otherwise, the lock can have a different underlying and potentially pay out wrong tokens.Recommendation
Verify the underlying of all locks.