oneski
commented
2 years ago Per comment on #3 https://github.com/code-423n4/2022-02-aave-lens-findings/issues/3#issuecomment-1035512983 This is expected behavior. Decline.
Closed code423n4 closed 2 years ago
oneski
commented
2 years ago Per comment on #3 https://github.com/code-423n4/2022-02-aave-lens-findings/issues/3#issuecomment-1035512983 This is expected behavior. Decline.
Lines of code
https://github.com/code-423n4/2022-02-aave-lens/blob/main/contracts/core/LensHub.sol#L850-L854
Vulnerability details
Impact
If an empty address will be set, functions with onlyGov can not be called more.
Proof of Concept
https://github.com/code-423n4/2022-02-aave-lens/blob/main/contracts/core/LensHub.sol#L850-L854
Tools Used
review
Recommended Mitigation Steps
input parameter must be checked if the param newGovernance is an empty address or not.