Once set a incorrect _governance address, setGovernance, setEmergencyAdmin, whitelistProfileCreator, whitelistFollowModule, whitelistReferenceModule and whitelistCollectModule functions in LensHub will out of service.
Proof of Concept
If the current _governance set a incorrect address by LensHub._setGovernance function, the governance of LensHub would lose and could not set correct address again.
Lines of code
https://github.com/code-423n4/2022-02-aave-lens/blob/c1d2de2b0609b7d2734ada2ce45c91a73cc54dd9/contracts/core/LensHub.sol#L78-L80 https://github.com/code-423n4/2022-02-aave-lens/blob/c1d2de2b0609b7d2734ada2ce45c91a73cc54dd9/contracts/core/LensHub.sol#L850-L854
Vulnerability details
Impact
Once set a incorrect
_governance
address,setGovernance
,setEmergencyAdmin
,whitelistProfileCreator
,whitelistFollowModule
,whitelistReferenceModule
andwhitelistCollectModule
functions inLensHub
will out of service.Proof of Concept
If the current
_governance
set a incorrect address byLensHub._setGovernance
function, the governance ofLensHub
would lose and could not set correct address again.Tools Used
Recommended Mitigation Steps