The function marketWhitelistCheck of RCTreasury checks the variable marketWhitelist.
However marketWhitelist is never set in the code base so calling marketWhitelistCheck is not useful.
Note: there are 2 whitelist mechanisms:
1) toggleWhitelist / batchWhitelist
2) marketWhitelistCheck
This might be the reason why this issue wasn't detected earlier.
Splidge
commented
3 years ago
Handle
gpersoon
Vulnerability details
Impact
The function marketWhitelistCheck of RCTreasury checks the variable marketWhitelist. However marketWhitelist is never set in the code base so calling marketWhitelistCheck is not useful.
Note: there are 2 whitelist mechanisms: 1) toggleWhitelist / batchWhitelist 2) marketWhitelistCheck
This might be the reason why this issue wasn't detected earlier.
Proof of Concept
//https://github.com/code-423n4/2021-08-realitycards/blob/main/contracts/RCTreasury.sol#L269 function marketWhitelistCheck(address _user) external view override returns (bool) { bytes32 requiredRole = marketWhitelist[msgSender()]; if (requiredRole == bytes32(0)) { return true; } else { return hasRole(requiredRole, _user); } }
Tools Used
Recommended Mitigation Steps
Add a function to set marketWhitelist (or remove marketWhitelistCheck)
Add comments to show there are two whitelist mechanisms. Rename toggleWhitelist / batchWhitelist to toggleUrerWhitelist / batchUserWhitelist