search

code-423n4 / 2021-11-badgerzaps-findings

0 stars 0 forks source link

`SettToRenIbbtcZap.sol#setGuardian` doesn't set the guardian, but governance #10

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

0x0x0x

Vulnerability details

Proof of Concept

This function is intended to change the guardian, but the code changes the governance address as seen in the code:

    function setGuardian(address _guardian) external {
        _onlyGovernance();
        governance = _guardian;
    }

It should be replaced with the following code to have the functionality of setting guardian.

    function setGuardian(address _guardian) external {
        _onlyGovernance();
        guardian = _guardian;
    }

Tools Used

Manual analysis

tabshaikh commented 2 years ago

Fixed

0xleastwood commented 2 years ago

duplicate of #51