search

code-423n4 / 2021-11-badgerzaps-findings

0 stars 0 forks source link

`setGuardian` incorrectly set governance in IbbtcVaultZap.sol #74

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

gzeon

Vulnerability details

Impact

setGuardian incorrectly set governance in IbbtcVaultZap.sol

Proof of Concept

https://github.com/Badger-Finance/badger-ibbtc-utility-zaps/blob/6f700995129182fec81b772f97abab9977b46026/contracts/IbbtcVaultZap.sol#L118


        _onlyGovernance();
        governance = _guardian;
    }```

## Tools Used

## Recommended Mitigation Steps
GalloDaSballo commented 2 years ago

Agree with the finding, there seems to be a bunch of these #10 #31

0xleastwood commented 2 years ago

merging with #75

0xleastwood commented 2 years ago

marking invalid as issues are merged. Treating the two issues as one to keep it fair with other wardens.