Closed code423n4 closed 2 years ago
Yes, it is intended to be able to initialize a bridge multiple times, to be able to update them if the implementation of the bridges updates. This will not influence single bridging transactions, as they are only forwarded in our contract and will still be executed by the underlying bridge even if we update the address later to another one.
Downgrading to Low/QA.
Consider with warden's QA Report #190
Lines of code
https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/HopFacet.sol#L40
Vulnerability details
Impact
An enforced owner can write existing configs in the facets. For instance, when bridge operations are in progress, the owner can change all configs. That will lead to locked funds.
Proof of Concept
https://github.com/code-423n4/2022-03-lifinance/blob/main/src/Facets/HopFacet.sol#L40
Tools Used
Code Review
Recommended Mitigation Steps
Ensure that Facet multiple initialization methodology is intended.