Handle
Dravee
Vulnerability details
Impact
Risk of redeploying the contract, because there is a need to remember to change a value inside a function before deployment. This is error-prone, whereas a constant variable is a lot more visible and is frequently used for configuration.
Proof of Concept
https://github.com/code-423n4/2022-01-sherlock/blob/main/contracts/managers/Manager.sol#L35
Tools Used
VS Code
Recommended Mitigation Steps
Instead of the block.chainid != 31337 check, store 31337 in a private uint256 constant (CHAIN_ID sounds good) and compare block.chainid to it at line 35. At the same line, msg.sender is compared to a DEPLOYER address constant; this is the same principle.