Open code423n4 opened 2 years ago
Based on the contracts that have been pointed out I can't see how this can lead to loss of funds as the severity suggests? Considering we are talking about compiled artifacts. Could the warden elaborate here?
This should be a 0 or 1 severity (being generous). There is no way for anything bad to happen here considering both the ABIs are different and used explicitly.
This is definitely a code quality issue and a good report, but does not constitute a potential loss of funds or even dysfunction in the protocol itself. Downgrading to QA.
Lines of code
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/CrvDepositorWrapper.sol#L9
https://github.com/code-423n4/2022-05-aura/blob/main/contracts/AuraStakingProxy.sol#L10
Vulnerability details
Impact
If a codebase has two contracts with the same names, the compilation artifacts will not contain one of the contracts.
ICrvDepositor exists in both AuraStakingProxy and CrvDepositorWrapper.
Tools
Manual Review
Recommended Mitigation Steps
Move the contract to an interface file and import it, or, if the interface differs, rename one of the contracts.