code-423n4 / 2023-01-ondo-findings

QA Report #315

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

See the markdown file with the details of this report here.

c4-judge commented 1 year ago

trust1995 marked the issue as grade-c

tom2o17 commented 1 year ago

Upgrades will follow pattern used here

Modifications to the parent contracts should not be made, as this will violate the storage layout set forth in the initial implementation. We are not intending to upgrade any of the parent contracts of their respective cToken children.

cashManager has no funds; unsure what calls could be made (aside from minting from CASH token [in which case we would upgrade CASH token and decrement malicious users' balances]). We assume non-malicious action on the part of accounts w/ admin roles. This POC is uninteresting w/o POC related to gaining access to the managerAdmin role.