Closed code423n4 closed 2 years ago
Agree with the finding, we fixed it before deployment
duplicate of #51
Handle
Meta0xNull
Vulnerability details
Impact
governance = _guardian
The Guardian will become Governance of the Contract which is Not Expected. Original Governance will lose control of this contract if they call setGuardian() with Address/Key beyond their control.
Proof of Concept
https://github.com/Badger-Finance/badger-ibbtc-utility-zaps/blob/6f700995129182fec81b772f97abab9977b46026/contracts/IbbtcVaultZap.sol#L116-L119
https://github.com/Badger-Finance/badger-ibbtc-utility-zaps/blob/a5c71b72222d84b6414ca0339ed1761dc79fe56e/contracts/SettToRenIbbtcZap.sol#L130-L133
Tools Used
Manual Review
Recommended Mitigation Steps
Before: governance = _guardian;
After: guardian = _guardian;
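The reported assignment next to the corrected one, as an added example that is not the project's code. Only setGuardian(), governance and guardian come from the finding; the contract name, the onlyGovernance modifier, the event and the zero-address check are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract for illustration; not taken from the Badger repository.
contract RoleSetterExample {
    address public governance;
    address public guardian;

    // Assumed event, so role changes are visible to off-chain monitoring.
    event GuardianUpdated(address indexed previous, address indexed current);

    constructor(address _governance, address _guardian) {
        governance = _governance;
        guardian = _guardian;
    }

    // Assumed access control: the finding implies governance is the caller.
    modifier onlyGovernance() {
        require(msg.sender == governance, "onlyGovernance");
        _;
    }

    // Reported pattern: the setter writes to governance, so the caller hands
    // the governance role to _guardian and guardian itself never changes.
    function setGuardianBuggy(address _guardian) external onlyGovernance {
        governance = _guardian;
    }

    // Corrected pattern from the mitigation: assign guardian.
    // The zero-address check and the event are assumptions added here.
    function setGuardian(address _guardian) external onlyGovernance {
        require(_guardian != address(0), "zero guardian");
        emit GuardianUpdated(guardian, _guardian);
        guardian = _guardian;
    }
}
```

A unit test that calls the setter and then asserts governance is unchanged and guardian equals the new address catches this class of copy-paste error before deployment.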