Judge has assessed an item in Issue #402 as M risk. The relevant finding follows:
Staked Gmx RewardTracker may retain allowances
Summary: Both the configureGmxState() function and setContract(Contracts c, address contractAddress) can be used to update the PirexGmx contract's stakedGmx storage variable with a new staked Gmx RewardTracker contract. However, only setContract(Contracts c, address contractAddress) resets and sets the PirexGmx contract's allowance before updating the stakedGmx storage variable with the new contract.
Impact: an older Staked Gmx contract (possibly a vulnerable one) may retain an unlimited allowance to spend Gmx from the PirexGmx contract if the variable is inadvertently updated via the configureGmxState() function rather than the setContract(Contracts c, address contractAddress) one.
Recommended Mitigation Steps: if the intent is for the configureGmxState() function to initialize/configure the PirexGmx contract once and only once, with setContract(Contracts c, address contractAddress) used for live updates, add a flag that prevents further calls to configureGmxState() after the first one.
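The pattern described in the finding and its mitigation, as an added illustrative example (this is not PirexGmx's own code; the function and variable names stakedGmx, configureGmxState and setContract are taken from the finding, while the IERC20 stub, the `configured` flag, the `configureGmxStateUnsafe` name and the owner check are assumptions made for the example):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC20 surface needed here (constructed for the example, not the project's interface).
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function allowance(address owner, address spender) external view returns (uint256);
}

// Illustrative owner-gated contract mirroring the finding; not the real PirexGmx.
contract PirexGmxExample {
    enum Contracts { StakedGmx }

    address public owner;
    IERC20 public immutable gmx;
    address public stakedGmx;
    bool public configured; // hypothetical one-shot flag: the mitigation the finding recommends

    error Unauthorized();
    error AlreadyConfigured();
    error ZeroAddress();

    modifier onlyOwner() {
        if (msg.sender != owner) revert Unauthorized();
        _;
    }

    constructor(IERC20 _gmx) {
        owner = msg.sender;
        gmx = _gmx;
    }

    // Weak pattern from the finding: the storage pointer is swapped but the previous
    // RewardTracker's allowance is never revoked, so it keeps unlimited spending rights.
    function configureGmxStateUnsafe(address newStakedGmx) external onlyOwner {
        if (newStakedGmx == address(0)) revert ZeroAddress();
        stakedGmx = newStakedGmx;
        gmx.approve(newStakedGmx, type(uint256).max);
    }

    // Hardened: a one-shot initializer guarded by the flag; any later change must go
    // through setContract, which handles the allowance reset.
    function configureGmxState(address newStakedGmx) external onlyOwner {
        if (configured) revert AlreadyConfigured();
        if (newStakedGmx == address(0)) revert ZeroAddress();
        configured = true;
        stakedGmx = newStakedGmx;
        gmx.approve(newStakedGmx, type(uint256).max);
    }

    // Live update path: revoke the old tracker's allowance before granting the new one.
    function setContract(Contracts c, address contractAddress) external onlyOwner {
        if (contractAddress == address(0)) revert ZeroAddress();
        if (c == Contracts.StakedGmx) {
            address previous = stakedGmx;
            if (previous != address(0)) {
                gmx.approve(previous, 0); // reset the stale allowance first
            }
            stakedGmx = contractAddress;
            gmx.approve(contractAddress, type(uint256).max);
        }
    }
}
```

A useful regression check for this class of bug is a unit test that performs an update through every admin path that can change stakedGmx and then asserts `gmx.allowance(address(pirex), oldTracker) == 0`; with the unsafe variant above that assertion fails, with the flag-guarded initializer plus setContract it holds.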