Closed code423n4 closed 2 years ago
https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/FeeBurner.sol#L126
FeeBurner.burnToTarget() and RewardHandler.burnFees() will fail every time because _addressProvider.getSwapperRouter(), addressProvider.getBKDLocker() and addressProvider.getFeeBurner() are not implemented in AddressProvider.sol.
FeeBurner.burnToTarget()
RewardHandler.burnFees()
_addressProvider.getSwapperRouter()
addressProvider.getBKDLocker()
addressProvider.getFeeBurner()
AddressProvider.sol
getSwapperRouter(), getBKDLocker() and getFeeBurner() not present in AddressProvider.sol.
getSwapperRouter()
getBKDLocker()
getFeeBurner()
Manual Review
Implement getSwapperRouter(), getBKDLocker() and getFeeBurner() in AddressProvider.sol
AddressProviderHelpers
chase-manning
commented
2 years ago chase-manning
commented
2 years ago
Lines of code
https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/FeeBurner.sol#L126
Vulnerability details
Impact
FeeBurner.burnToTarget()andRewardHandler.burnFees()will fail every time because_addressProvider.getSwapperRouter(),addressProvider.getBKDLocker()andaddressProvider.getFeeBurner()are not implemented inAddressProvider.sol.Proof of Concept
getSwapperRouter(),getBKDLocker()andgetFeeBurner()not present inAddressProvider.sol.Tools Used
Manual Review
Recommended Mitigation Steps
Implement
getSwapperRouter(),getBKDLocker()andgetFeeBurner()inAddressProvider.sol