jack-the-pug
commented
2 years ago setSherlockCoreAddress can only be called once:
if (address(sherlockCore) != address(0)) revert InvalidConditions();Closed code423n4 closed 2 years ago
jack-the-pug
commented
2 years ago setSherlockCoreAddress can only be called once:
if (address(sherlockCore) != address(0)) revert InvalidConditions();
Handle
gzeon
Vulnerability details
Impact
DEPLOYERis a constant inManagerand it is the only role that can callsetSherlockCoreAddressto changesherlockCoreaddress. Consider this is a critical function and there might be a need to change the deplorer address in the future (e.g. governance upgrade), it would be better to use the inheritedOwnablepattern to ensure the privileges can be transferred when required.Proof of Concept
https://github.com/code-423n4/2022-01-sherlock/blob/c763f10c4b5fe2127677d6c25b83adcf3bcec212/contracts/managers/Manager.sol#L35