Open code423n4 opened 3 years ago
shw
A token cannot be reinitialized with a new lock token once it is set to a non-zero address. If the lock token needs to be changed (for example, because of implementation errors), the token must be removed and added again.
Referenced code: Gov.sol#L218-L227
Consider removing the if condition at line 219 to allow the lock token to be reinitialized.
if
Upgrading the lockToken a pretty complex procedure. As old lockTokens suddenly become worthless.
Handle
shw
Vulnerability details
Impact
A token cannot be reinitialized with a new lock token once it is set to a non-zero address. If the lock token needs to be changed (for example, because of implementation errors), the token must be removed and added again.
Proof of Concept
Referenced code: Gov.sol#L218-L227
Recommended Mitigation Steps
Consider removing the
if
condition at line 219 to allow the lock token to be reinitialized.