Open code423n4 opened 1 year ago
Picodes marked the issue as primary issue
Picodes changed the severity to 2 (Med Risk)
Thanks! We will fix this.
manoj9april marked the issue as sponsor confirmed
Picodes marked the issue as satisfactory
Picodes marked the issue as selected for report
This is fixed
Lines of code
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/PoolUtils.sol#L55-L65
Vulnerability details
Impact
The purpose of the updatePoolAddress function is to update the pool address associated with an existing poolId. However, due to its internal invocation of the verifyNewPool function, the updatePoolAddress function always reverts. This occurs because the verifyNewPool function itself reverts when the specified poolId already exists. Consequently, it is not possible to update the pool address for an existing poolId.
Proof of Concept
The issue occurs in the updatePoolAddress function below:
File: PoolUtils.sol Line 55-65
As can be seen from the code above, the updatePoolAddress function contains the onlyExistingPoolId modifier, which means it can only be called for updating the pool address of an already existing poolId.
Before updating the pool address, the updatePoolAddress function calls the verifyNewPool function below:
It's clear that the function reverts when the poolId already exists, meaning isExistingPoolId(_poolId) == true.
So to summarize, the updatePoolAddress function reverts when the poolId does not exist and the verifyNewPool function reverts when the poolId exists. The two functions work on opposite conditions, which means that when the verifyNewPool function is called inside the updatePoolAddress function it will automatically revert, and hence the pool address of an already existing poolId can never be updated.
Tools Used
Manual review
Recommended Mitigation Steps
Remove the verifyNewPool call inside the updatePoolAddress function and replace it with the following:
Assessed type
Error
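The guard conflict described in this report, reduced to a minimal contract as an added example (not the Stader source and not the mitigation code from the report). The uint8 id type, the mapping, the error names, addNewPool and the updatePoolAddressFixed variant are assumptions, and access control is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Added illustration: a simplified model of the guard conflict, not Stader's PoolUtils.sol.
// Storage layout, id type, error names and the "Fixed" variant are assumptions;
// access control is omitted.
contract PoolRegistryModel {
    mapping(uint8 => address) public poolAddressById;

    error PoolIdMissing();       // hypothetical error name
    error PoolIdAlreadyExists(); // hypothetical error name
    error ZeroPoolAddress();     // hypothetical error name

    modifier onlyExistingPoolId(uint8 _poolId) {
        if (!isExistingPoolId(_poolId)) revert PoolIdMissing();
        _;
    }

    function isExistingPoolId(uint8 _poolId) public view returns (bool) {
        return poolAddressById[_poolId] != address(0);
    }

    // Check meant for registering a new pool: reverts when the id is already taken.
    function verifyNewPool(uint8 _poolId, address _poolAddress) internal view {
        if (_poolAddress == address(0)) revert ZeroPoolAddress();
        if (isExistingPoolId(_poolId)) revert PoolIdAlreadyExists();
    }

    function addNewPool(uint8 _poolId, address _poolAddress) external {
        verifyNewPool(_poolId, _poolAddress);
        poolAddressById[_poolId] = _poolAddress;
    }

    // Reported pattern: the modifier requires the id to exist and verifyNewPool requires
    // it not to exist, so every call reverts with one error or the other.
    function updatePoolAddressBroken(uint8 _poolId, address _newAddress) external onlyExistingPoolId(_poolId) {
        verifyNewPool(_poolId, _newAddress);
        poolAddressById[_poolId] = _newAddress; // unreachable
    }

    // Assumed fix: validate only the new address; existence is already enforced by the modifier.
    function updatePoolAddressFixed(uint8 _poolId, address _newAddress) external onlyExistingPoolId(_poolId) {
        if (_newAddress == address(0)) revert ZeroPoolAddress();
        poolAddressById[_poolId] = _newAddress;
    }
}
```

A unit test that registers a pool and then calls the update path on that same id catches this class of bug, since the broken variant reverts for both registered and unregistered ids.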