code-423n4 / 2022-01-sherlock-findings


Updating Manager contract could destruct Sherlock core functionalities #201

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

ych18

Vulnerability details

In the Sherlock core contract, it is possible to update some contracts, like Manager, using the Sherlock.updateSherlockProtocolManager function. Some functions in other contracts use the onlySherlockCore modifier, which checks whether the function is called from the Sherlock core contract. Updating the Manager contract will set the address of sherlockCore to 0 in the new Manager contract. The DEPLOYER should call the function Manager.setSherlockCoreAddress to set the value of the core contract in the new Manager contract. If the DEPLOYER forgets to call setSherlockCoreAddress, some functions in the new contract will revert, as the condition in onlySherlockCore is not satisfied.

Recommendation (the team could choose between these two recommendations):

1) Add comments in Sherlock.updateSherlockProtocolManager that indicate that setSherlockCoreAddress should be called after calling this function.
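The failure mode described in this report, as an added example that is not part of the original issue and is not the Sherlock source: a simplified Manager whose onlySherlockCore check cannot pass while sherlockCore is still zero, and a core contract with a hypothetical guard that rejects a manager not yet linked back to it. The contract bodies, the error names, `coreOnlyAction`, and the assumption that setSherlockCoreAddress can be called before the update are all illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Simplified model. Names mirror the report; bodies are assumptions.
contract Manager {
    address public immutable DEPLOYER;
    address public sherlockCore; // zero until setSherlockCoreAddress is called

    error InvalidSender();
    error ZeroArgument();
    error AlreadySet();

    constructor() {
        DEPLOYER = msg.sender;
    }

    modifier onlySherlockCore() {
        // While sherlockCore == address(0), no caller can satisfy this check.
        if (msg.sender != sherlockCore) revert InvalidSender();
        _;
    }

    function setSherlockCoreAddress(address _core) external {
        if (msg.sender != DEPLOYER) revert InvalidSender();
        if (_core == address(0)) revert ZeroArgument();
        if (sherlockCore != address(0)) revert AlreadySet();
        sherlockCore = _core;
    }

    // Hypothetical core-only operation standing in for the real ones.
    function coreOnlyAction() external onlySherlockCore returns (bool) {
        return true;
    }
}

contract SherlockCore {
    address public owner = msg.sender;
    Manager public sherlockProtocolManager;

    error ManagerNotLinked();

    // Hypothetical guard: refuse a manager that does not already point back here,
    // so a forgotten setSherlockCoreAddress call fails at update time.
    function updateSherlockProtocolManager(Manager _manager) external {
        require(msg.sender == owner, "not owner");
        if (_manager.sherlockCore() != address(this)) revert ManagerNotLinked();
        sherlockProtocolManager = _manager;
    }
}
```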

Evert0x commented 2 years ago

0 non critical

Will add comments, thanks.