Lines of code
https://github.com/code-423n4/2022-07-swivel/blob/main/VaultTracker/VaultTracker.sol#L7
https://github.com/code-423n4/2022-07-swivel/blob/main/Marketplace/MarketPlace.sol#L8
https://github.com/code-423n4/2022-07-swivel/blob/main/Creator/Creator.sol#L41
Vulnerability details
Impact
Functions which call VaultTracker admin functions (e.g. addNotional) from MarketPlace will always revert since the admin is Creator.
Proof of Concept
VaultTracker.sol has an authorized(admin) modifier which only allows admin to call these functions. The Creator creates the VaultTracker, so the immutable admin of VaultTracker will always be Creator. But some functions in MarketPlace also call these admin-only functions of VaultTracker, so these functions will always revert.
These lines below will call admin functions of VaultTracker in Marketplace/MarketPlace.sol:
Tools Used
Manual Review
Recommended Mitigation Steps
Set admin when Creator creates the VaultTracker, and add an admin argument to the VaultTracker constructor:
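A minimal sketch of that mitigation, added here as an illustration and not taken from the Swivel repository. Only the names VaultTracker, Creator, MarketPlace, admin, authorized and addNotional come from the report; the constructor parameter, the notional mapping, marketPlace, create and mint are assumptions, and access control on Creator itself is omitted for brevity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration: simplified stand-ins, not the Swivel contracts.
contract VaultTracker {
    address public immutable admin;
    mapping(address => uint256) public notional; // simplified vault state (assumption)

    // Mitigation: the admin is an explicit constructor argument.
    // If the constructor took the deployer as admin instead, Creator would be
    // the only caller able to pass authorized(admin), as the finding describes.
    constructor(address a) {
        require(a != address(0), "admin is zero address");
        admin = a;
    }

    modifier authorized(address a) {
        require(msg.sender == a, "sender must be authorized");
        _;
    }

    function addNotional(address owner, uint256 amount)
        external authorized(admin) returns (bool)
    {
        notional[owner] += amount;
        return true;
    }
}

contract Creator {
    address public marketPlace; // hypothetical storage of the MarketPlace address

    constructor(address m) { marketPlace = m; }

    // Creator still deploys the tracker, but names MarketPlace as its admin.
    function create() external returns (address) {
        return address(new VaultTracker(marketPlace));
    }
}

contract MarketPlace {
    // Hypothetical caller of an admin-only function; it succeeds only because
    // this contract, not Creator, is the tracker's admin.
    function mint(address tracker, uint256 amount) external {
        require(VaultTracker(tracker).addNotional(msg.sender, amount), "add notional failed");
    }
}
```

A regression test for this fix should deploy a tracker through Creator and assert that the tracker's admin equals the MarketPlace address and that a MarketPlace-originated addNotional call does not revert.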