code-423n4 / 2021-11-badgerzaps-findings


`IbbtcVaultZap.sol#setGuardian` doesn't set the guardian, but governance #12

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

0x0x0x

Vulnerability details

Proof of Concept

This function is intended to change the guardian, but the code changes the governance address as seen in the code:

```solidity
function setGuardian(address _guardian) external {
    _onlyGovernance();
    governance = _guardian;
}
```

It should be replaced with the following code to have the functionality of setting the guardian.

```solidity
function setGuardian(address _guardian) external {
    _onlyGovernance();
    guardian = _guardian;
}
```

Tools Used

Manual analysis
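
A lint-style check for the bug class reported above, as an added example that is not part of the original issue or the project's code: it flags any `setX` function that stores one of its parameters into a variable other than `x`. The naming convention it relies on and the helper names (`mismatched_setters`, `_body`) are assumptions; the sample input is constructed from the two `setGuardian` versions quoted in the finding.

```python
import re

# Constructed sample input: the two setGuardian versions quoted in the finding.
VULNERABLE = """
function setGuardian(address _guardian) external {
    _onlyGovernance();
    governance = _guardian;
}
"""
FIXED = VULNERABLE.replace("governance = _guardian", "guardian = _guardian")

# Header of a setter: `function setXyz(<params>) <modifiers> {`
HEAD_RE = re.compile(r"function\s+set([A-Z]\w*)\s*\(([^)]*)\)[^{;]*\{")
# Plain assignment `target = value;` (skips ==, !=, <=, >=, += and friends)
ASSIGN_RE = re.compile(r"\b([A-Za-z_]\w*)\s*=(?!=)\s*([A-Za-z_]\w*)\s*;")


def _body(source, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(source)):
        if source[i] == "{":
            depth += 1
        elif source[i] == "}":
            depth -= 1
            if depth == 0:
                return source[open_idx + 1:i]
    return source[open_idx + 1:]  # unbalanced input: scan to the end


def mismatched_setters(source):
    """List (function, expected_var, written_var) for every setX that stores
    one of its parameters into a variable not named x (assumed convention)."""
    findings = []
    for m in HEAD_RE.finditer(source):
        suffix, params = m.group(1), m.group(2)
        expected = suffix[0].lower() + suffix[1:]
        param_names = {p.split()[-1] for p in params.split(",") if p.strip()}
        for target, value in ASSIGN_RE.findall(_body(source, m.end() - 1)):
            if value in param_names and target != expected:
                findings.append(("set" + suffix, expected, target))
    return findings


if __name__ == "__main__":
    for name, src in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(name, mismatched_setters(src))
```

The check is a naming heuristic over source text, so a hit is a prompt for manual review rather than proof of a bug.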

tabshaikh commented 2 years ago

Duplicate of #10

0xleastwood commented 2 years ago

Merged with #10