code-423n4 / 2021-12-yetifinance-findings


setAddresses should only be callable once #240

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

pauliax

Vulnerability details

Impact

Function setAddresses in contract Whitelist is intended to be invoked only once (confirmed with the sponsor), but currently it has no prevention from being called multiple times.

Maybe this should also be prevented in sYETIToken's setAddresses and ThreePieceWiseLinearPriceCurve's setAddresses.

Recommended Mitigation Steps

Prevent repeated access of setAddresses in Whitelist and potentially in sYETIToken and ThreePieceWiseLinearPriceCurve.
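One way to implement the recommended guard, shown as an added example that is not part of the original report or the Yeti Finance code base. The contract name, the two address parameters and the storage variables are hypothetical, since the real `setAddresses` signature does not appear on this page:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration of a call-once setAddresses; not the project's contract.
// OneTimeSetAddresses, poolAddress and oracleAddress are hypothetical names.
contract OneTimeSetAddresses {
    address public owner;
    address public poolAddress;   // hypothetical dependency
    address public oracleAddress; // hypothetical dependency

    // Flips to true on the first successful call and is never reset.
    bool private addressesSet;

    event AddressesSet(address poolAddress, address oracleAddress);

    modifier onlyOwner() {
        require(msg.sender == owner, "caller is not the owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    function setAddresses(address _poolAddress, address _oracleAddress)
        external
        onlyOwner
    {
        // Reject every call after the first, including calls from the owner.
        require(!addressesSet, "addresses already set");
        // Rejecting zero addresses keeps a bad first call from locking in
        // an unusable configuration that can no longer be corrected.
        require(
            _poolAddress != address(0) && _oracleAddress != address(0),
            "zero address"
        );

        addressesSet = true;
        poolAddress = _poolAddress;
        oracleAddress = _oracleAddress;

        emit AddressesSet(_poolAddress, _oracleAddress);
    }
}
```

Because a reverted transaction rolls back the flag as well, a failed first call leaves `setAddresses` callable, and only a successful call locks it.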

kingyetifinance commented 2 years ago

@LilYeti: This would be a nice extra check, but is a weird edge case. If the owner wallet is compromised, worse things will happen. Extra checks are useful though, but since this is unlikely and worse things can happen, set to 0 severity.

0xtruco commented 2 years ago

Resolved in https://github.com/code-423n4/2021-12-yetifinance/pull/16

alcueca commented 2 years ago

Function incorrect as to spec, low severity.