Open code423n4 opened 2 years ago
Acknowledging, but yes, the system heavily relies on the admins to do the right thing, the right way. We might remove several such upgradeability rights during a broader refactor of the entire system.
Downgrading to medium as this is largely admin related.
Lines of code
https://github.com/code-423n4/2022-02-hubble/blob/ed1d885d5dbc2eae24e43c3ecbf291a0f5a52765/contracts/InsuranceFund.sol#L116-L119
Vulnerability details
The `Governance` address can call `InsuranceFund.sol#syncDeps()` to change the contract address of `vusd` anytime.
However, since the tx to set a new address for `vusd` can get in between users' txs to deposit and withdraw, in some edge cases, it can result in users' loss of funds.
PoC
- `1,000,000 VUSD` to `InsuranceFund`;
- `syncDeps()` and set `vusd` to the address of `VUSDv2`;
- `withdraw()` with all the `shares` and get back `0 VUSDv2`.
As a result, Alice suffered a fund loss of `1,000,000 VUSD`.
Recommendation
- `vusd` unchangeable;
- `vusd` must be considered, consider changing the `syncDeps()` to:
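Added example, not code from this report or from the Hubble contracts: a Python model of the PoC scenario above, run once with an unrestricted `sync_deps` and once with a balance check. It assumes the fund prices shares pro rata against its balance of whichever token `vusd` currently points to; `Token`, `InsuranceFundModel`, the `guarded` flag and the check itself are hypothetical names and logic chosen for illustration.

```python
class Token:
    """Minimal balance ledger standing in for an ERC-20 (constructed for this example)."""
    def __init__(self, name):
        self.name, self.balances = name, {}
    def balance_of(self, who):
        return self.balances.get(who, 0)
    def transfer(self, src, dst, amount):
        if self.balance_of(src) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] = self.balance_of(src) - amount
        self.balances[dst] = self.balance_of(dst) + amount

class InsuranceFundModel:
    """Assumed model: shares are priced against the fund's balance of the current vusd."""
    def __init__(self, vusd, guarded):
        self.vusd, self.guarded = vusd, guarded
        self.shares, self.total_shares = {}, 0
    def balance(self):
        return self.vusd.balance_of("fund")
    def deposit(self, user, amount):
        pool = self.balance()
        # First deposit (or empty pool) mints 1:1; later deposits mint pro rata.
        minted = amount * self.total_shares // pool if pool and self.total_shares else amount
        self.vusd.transfer(user, "fund", amount)
        self.shares[user] = self.shares.get(user, 0) + minted
        self.total_shares += minted
    def withdraw(self, user, shares):
        if shares <= 0 or self.shares.get(user, 0) < shares:
            raise ValueError("bad share amount")
        amount = self.balance() * shares // self.total_shares
        self.shares[user] -= shares
        self.total_shares -= shares
        self.vusd.transfer("fund", user, amount)
        return amount
    def sync_deps(self, new_vusd):
        # Hypothetical guard: the new token must back outstanding shares at least as well.
        if self.guarded and new_vusd.balance_of("fund") < self.balance():
            raise PermissionError("new vusd would leave existing shares unbacked")
        self.vusd = new_vusd

def run_scenario(guarded):  # returns (active token name, amount paid out to alice)
    v1, v2 = Token("VUSD"), Token("VUSDv2")
    v1.balances["alice"] = 1_000_000
    fund = InsuranceFundModel(v1, guarded)
    fund.deposit("alice", 1_000_000)
    try:
        fund.sync_deps(v2)
    except PermissionError:
        pass  # guarded fund rejects the switch and keeps paying out in VUSD
    return fund.vusd.name, fund.withdraw("alice", fund.shares["alice"])
```

`run_scenario(False)` reproduces the zero payout from the PoC, while `run_scenario(True)` rejects the switch and returns the full deposit.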