code-423n4 / 2021-07-sherlock-findings

Tokens cannot be reinitialized with new lock tokens #141

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

shw

Vulnerability details

Impact

A token cannot be reinitialized with a new lock token once it is set to a non-zero address. If the lock token needs to be changed (for example, because of implementation errors), the token must be removed and added again.

Proof of Concept

Referenced code: Gov.sol#L218-L227

Recommended Mitigation Steps

Consider removing the if condition at line 219 to allow the lock token to be reinitialized.

Evert0x commented 3 years ago

Upgrading the lockToken is a pretty complex procedure, as old lockTokens suddenly become worthless.