code-423n4 / 2022-02-aave-lens-findings


LensHub contract would lose governance once the previous _governance sets an incorrect address. #50

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-02-aave-lens/blob/c1d2de2b0609b7d2734ada2ce45c91a73cc54dd9/contracts/core/LensHub.sol#L78-L80
https://github.com/code-423n4/2022-02-aave-lens/blob/c1d2de2b0609b7d2734ada2ce45c91a73cc54dd9/contracts/core/LensHub.sol#L850-L854

Vulnerability details

Impact

Once an incorrect _governance address is set, the setGovernance, setEmergencyAdmin, whitelistProfileCreator, whitelistFollowModule, whitelistReferenceModule and whitelistCollectModule functions in LensHub will be out of service.

Proof of Concept

If the current _governance sets an incorrect address via the LensHub._setGovernance function, the governance of LensHub would be lost and the correct address could not be set again.

Tools Used

Recommended Mitigation Steps

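// Address nominated as the next governance; it has no power until it accepts.
address prepareGovernance;

// Step 1: only the current governance may nominate a successor.
function setGovernance(address newGovernance) external {
    require(msg.sender == _governance);
    prepareGovernance = newGovernance;
}

// Step 2: the nominee accepts, proving that it controls the address.
function acceptGovernance() external {
    require(msg.sender == prepareGovernance);
    address prevGovernance = _governance;
    _governance = prepareGovernance;
    emit Events.GovernanceSet(msg.sender, prevGovernance, prepareGovernance, block.timestamp);
}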
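
The lockout described in this report and the two-step handover it recommends, modelled in Python as an added example (not code from the report or from LensHub). Addresses are constructed placeholder strings, and the caller is passed explicitly where Solidity would use msg.sender.

```python
# Added model, not LensHub code. Addresses are constructed placeholder strings;
# the caller is passed explicitly where Solidity would use msg.sender.
GOV, NEW_GOV, TYPO = "0xGOV", "0xNEW", "0xNEVV"  # nobody holds a key for TYPO


class NotAuthorized(Exception):
    """Stands in for a reverted require()."""


class OneStepHub:
    """Reported behaviour: the new governance takes effect immediately."""

    def __init__(self, governance):
        self.governance = governance

    def set_governance(self, sender, new_governance):
        if sender != self.governance:
            raise NotAuthorized(sender)
        self.governance = new_governance


class TwoStepHub(OneStepHub):
    """Recommended behaviour: nominate first, switch only when the nominee accepts."""

    def __init__(self, governance):
        super().__init__(governance)
        self.prepare_governance = None

    def set_governance(self, sender, new_governance):
        if sender != self.governance:
            raise NotAuthorized(sender)
        self.prepare_governance = new_governance  # current governance keeps control

    def accept_governance(self, sender):
        if sender != self.prepare_governance:
            raise NotAuthorized(sender)
        self.governance = self.prepare_governance


def handover_with_typo(hub):
    """Governance mistypes the successor, then tries to correct it; returns who governs."""
    hub.set_governance(GOV, TYPO)
    try:
        hub.set_governance(GOV, NEW_GOV)  # correction attempt by the old governance
    except NotAuthorized:
        return hub.governance  # one-step: control already sits with the typo address
    hub.accept_governance(NEW_GOV)
    return hub.governance
```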

oneski commented 2 years ago

Duplicate, see https://github.com/code-423n4/2022-02-aave-lens-findings/issues/3#issuecomment-1035512983

miguelmtzinf commented 2 years ago

I suggest lowering the severity of this issue to Medium or even Low Risk.

0xleastwood commented 2 years ago

As per #3, this is invalid.