The DripsHub contract implements updateDriverAddress(), which allows a driver contract to update its driver address. This function is only callable by the current driver because of the _assertCallerIsDriver(driverId) check.

    function updateDriverAddress(uint32 driverId, address newDriverAddr) public whenNotPaused {
        _assertCallerIsDriver(driverId);
        _dripsHubStorage().driverAddresses[driverId] = newDriverAddr;
        emit DriverAddressUpdated(driverId, msg.sender, newDriverAddr);
    }

However, none of our driver implementations (ImmutableSplitsDriver, AddressDriver and NFTDriver) implements updateDriverAddress(). Since these contracts are the only ones that can update the driver address, we will not be able to do so.
Tools Used
Manual Review
Recommended Mitigation Steps
Consider adding updateDriverAddress() to our driver implementations.
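One way such a forwarding function could look, as an added example that is not code from the audited repository. The ExampleDriver contract, its admin role and the dripsHub/driverId storage names are assumptions; only the updateDriverAddress(uint32,address) signature comes from the snippet quoted above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Minimal view of DripsHub: only the function quoted in this report.
interface IDripsHub {
    function updateDriverAddress(uint32 driverId, address newDriverAddr) external;
}

/// Hypothetical driver for illustration. `admin`, `dripsHub` and `driverId`
/// are assumed names, not taken from the audited contracts.
contract ExampleDriver {
    IDripsHub public immutable dripsHub;
    uint32 public immutable driverId;
    address public immutable admin;

    error NotAdmin();
    error ZeroAddress();

    constructor(IDripsHub dripsHub_, uint32 driverId_, address admin_) {
        if (admin_ == address(0)) revert ZeroAddress();
        dripsHub = dripsHub_;
        driverId = driverId_;
        admin = admin_;
    }

    /// Hands this driver's ID over to `newDriverAddr`.
    /// DripsHub compares msg.sender with the registered driver address, so the
    /// call must originate from this contract; an EOA cannot make it directly.
    /// The admin check is essential: without it anyone could reassign the ID.
    /// The call also reverts while DripsHub is paused (whenNotPaused).
    function updateDriverAddress(address newDriverAddr) external {
        if (msg.sender != admin) revert NotAdmin();
        if (newDriverAddr == address(0)) revert ZeroAddress();
        dripsHub.updateDriverAddress(driverId, newDriverAddr);
    }
}
```

After a successful call this contract no longer passes the driver check for its ID, so the new driver address should be verified before the handover.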
Lines of code
https://github.com/code-423n4/2023-01-drips/blob/9fd776b50f4be23ca038b1d0426e63a69c7a511d/src/DripsHub.sol#L152
Vulnerability details
Impact
Driver address cannot be updated.