The RCTreasury.marketWhitelistCheck function gets the marketWhitelist[msgSender()] variable and performs a special check if it's non-zero.
However, there's no way to set the whitelist in the first place making this function unnecessary.
Impact
The market whitelist cannot be set and can therefore not be used.
Recommended Mitigation Steps
Implement a way to set the marketWhitelist[market] variable for a market.
Splidge
commented
3 years ago
Handle
cmichel
Vulnerability details
The
RCTreasury.marketWhitelistCheckfunction gets themarketWhitelist[msgSender()]variable and performs a special check if it's non-zero. However, there's no way to set the whitelist in the first place making this function unnecessary.Impact
The market whitelist cannot be set and can therefore not be used.
Recommended Mitigation Steps
Implement a way to set the
marketWhitelist[market]variable for a market.