Open code423n4 opened 11 months ago
If the function returns, the execution will halt.
Invalid.
0xSorryNotSorry marked the issue as low quality report
The warden is right, but the events won't be fake, just redundant. Valid as QA.
alcueca changed the severity to QA (Quality Assurance)
alcueca marked the issue as grade-a
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/Governance/TemporalGovernor.sol#L146-L156 https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/Governance/TemporalGovernor.sol#L173-L183
Vulnerability details
Impact
The
trustedSenders
array makes use of EnumerableSet. When doing an addition of an already present element, the EnumerableSetadd
method will return false. However, functionsetTrustedSenders
does not check this return value and it still emits aTrustedSenderUpdated
event, even though no trusted sender got changed.A similar thing can be said regarding function
unSetTrustedSenders
and EnumerableSet'sremove
method: when the element is not present in the array in the first place, an event still gets emitted.Tools Used
Manual review.
Recommended Mitigation Steps
Check the EnumerableSet's return value to know whether or not it should emit an event.
Assessed type
Loop