In file ibBTC VaultZap.sol , The function setGaurdian is setting the governance. First problem is , setGaurdian is supposed to set gaurdian not governance. gaurdian is a different contract which does not have access to many functions, if we are making governance same as gaurdian so now governance also can not call those function.
Proof of Concept
Tools Used
Recommended Mitigation Steps
change the line -
governance = _guardian
with
guardian = _guardian
Handle
fatima_naz
Vulnerability details
Impact
In file ibBTC VaultZap.sol , The function setGaurdian is setting the governance. First problem is , setGaurdian is supposed to set gaurdian not governance. gaurdian is a different contract which does not have access to many functions, if we are making governance same as gaurdian so now governance also can not call those function.
Proof of Concept
Tools Used
Recommended Mitigation Steps
change the line - governance = _guardian with guardian = _guardian