Closed code423n4 closed 2 years ago
https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/FeeBurner.sol#L126
FeeBurner.burnToTarget() and RewardHandler.burnFees() will fail every time because _addressProvider.getSwapperRouter(), addressProvider.getBKDLocker() and addressProvider.getFeeBurner() are not implemented in AddressProvider.sol.
FeeBurner.burnToTarget()
RewardHandler.burnFees()
_addressProvider.getSwapperRouter()
addressProvider.getBKDLocker()
addressProvider.getFeeBurner()
AddressProvider.sol
getSwapperRouter(), getBKDLocker() and getFeeBurner() not present in AddressProvider.sol.
getSwapperRouter()
getBKDLocker()
getFeeBurner()
Manual Review
Implement getSwapperRouter(), getBKDLocker() and getFeeBurner() in AddressProvider.sol
AddressProviderHelpers
Lines of code
https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/FeeBurner.sol#L126
Vulnerability details
Impact
FeeBurner.burnToTarget()
andRewardHandler.burnFees()
will fail every time because_addressProvider.getSwapperRouter()
,addressProvider.getBKDLocker()
andaddressProvider.getFeeBurner()
are not implemented inAddressProvider.sol
.Proof of Concept
getSwapperRouter()
,getBKDLocker()
andgetFeeBurner()
not present inAddressProvider.sol
.Tools Used
Manual Review
Recommended Mitigation Steps
Implement
getSwapperRouter()
,getBKDLocker()
andgetFeeBurner()
inAddressProvider.sol