Handle
0xsanson
Vulnerability details
Impact
Treasury.sol has a mapping marketWhitelist[addr] to check if a certain market has to be restricted. The issue is that the contract doesn't have a function to change the marketWhitelist values, so every market is always not-restricted. In other words, the following requirement in RCMarket.sol is always satisfied:
// restrict certain markets to specific whitelists
require(
    treasury.marketWhitelistCheck(_user),
    "Not approved for this market"
);
Proof of Concept
https://github.com/code-423n4/2021-08-realitycards/blob/main/contracts/RCMarket.sol#L758-L761
Tools Used
editor
Recommended Mitigation Steps
Add a function where the owner can change marketWhitelist in Treasury.sol.
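A sketch of the recommended mitigation, added here as an example and not taken from the RealityCards code base. It assumes the mapping stores a bytes32 role per market with zero meaning unrestricted, and that the market itself calls the check; updateMarketWhitelist, setRoleMember, roleMembers and the event are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration only. Apart from marketWhitelist and
/// marketWhitelistCheck, every name here is an assumption.
contract TreasuryWhitelistSketch {
    address public owner;

    // market => role required to use it; bytes32(0) means unrestricted (assumed encoding)
    mapping(address => bytes32) public marketWhitelist;
    // role => user => granted (stand-in for the project's real role registry)
    mapping(bytes32 => mapping(address => bool)) private roleMembers;

    event MarketWhitelistUpdated(address indexed market, bytes32 role);

    modifier onlyOwner() {
        require(msg.sender == owner, "Not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    /// The missing setter: without it every entry keeps its default value,
    /// so marketWhitelistCheck can never reject a user.
    function updateMarketWhitelist(address _market, bytes32 _role) external onlyOwner {
        require(_market != address(0), "Zero market");
        marketWhitelist[_market] = _role;
        emit MarketWhitelistUpdated(_market, _role);
    }

    /// Grants or revokes a role; the zero role is reserved for "unrestricted".
    function setRoleMember(bytes32 _role, address _user, bool _granted) external onlyOwner {
        require(_role != bytes32(0), "Reserved role");
        roleMembers[_role][_user] = _granted;
    }

    /// Called by a market, so msg.sender is the market being entered.
    function marketWhitelistCheck(address _user) external view returns (bool) {
        bytes32 required = marketWhitelist[msg.sender];
        if (required == bytes32(0)) return true; // unrestricted market
        return roleMembers[required][_user];
    }
}
```

Emitting an event on each change lets off-chain monitoring see when a market becomes restricted or is opened up again.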