code-423n4 / 2023-10-wildcat-findings


A borrower cannot redeploy a controller if their previous controller was removed #666

Closed c4-submissions closed 10 months ago

c4-submissions commented 10 months ago

Lines of code

https://github.com/code-423n4/2023-10-wildcat/blob/c5df665f0bc2ca5df6f06938d66494b11e7bdada/src/WildcatMarketControllerFactory.sol#L282-L301

Vulnerability details

Impact

A controller can be removed after it was initially deployed in cases where it was created with wrong parameters. However, in the case that a borrower's controller is removed, they would be unable to redeploy another controller, constraining them to use the initial controller with incorrect parameters.

Proof of Concept

Due to the following check in deployController, a borrower is only ever able to deploy one controller from a WildcatMarketControllerFactory.sol contract:

 if (controller.codehash != bytes32(0)) {
    revert ControllerAlreadyDeployed();
 }

Tools Used

Manual review

Recommended Mitigation Steps

One solution to the issue could be including a nonce variable when creating a WildcatMarketController.sol contract only if a previous controller has been removed.

Assessed type

Other
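
A simplified model of the guard and the nonce mitigation described in the report above, added as an example; it is not part of the submission or of the Wildcat code base. It assumes the controller address is derived with CREATE2 from the borrower, and ControllerModel, ControllerFactoryModel, nonceOf, admin and removeController are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model for illustration; not Wildcat code. All names are hypothetical.
contract ControllerModel {
    address public immutable borrower;
    constructor(address borrower_) { borrower = borrower_; }
}

contract ControllerFactoryModel {
    error ControllerAlreadyDeployed();
    error NoControllerDeployed();

    address public immutable admin;
    // Assumption: bumped only when a borrower's controller is removed.
    mapping(address => uint256) public nonceOf;

    constructor() { admin = msg.sender; }

    function _salt(address borrower) internal view returns (bytes32) {
        return keccak256(abi.encode(borrower, nonceOf[borrower]));
    }

    // CREATE2 address of the borrower's controller for their current nonce.
    function computeControllerAddress(address borrower) public view returns (address) {
        bytes32 initCodeHash = keccak256(
            abi.encodePacked(type(ControllerModel).creationCode, abi.encode(borrower))
        );
        return address(uint160(uint256(keccak256(
            abi.encodePacked(bytes1(0xff), address(this), _salt(borrower), initCodeHash)
        ))));
    }

    function deployController() external returns (address controller) {
        controller = computeControllerAddress(msg.sender);
        // Same guard as quoted in the report: existing code blocks a second deploy.
        if (controller.codehash != bytes32(0)) revert ControllerAlreadyDeployed();
        controller = address(new ControllerModel{salt: _salt(msg.sender)}(msg.sender));
    }

    // Removing a controller from a registry leaves its code in place, so the guard
    // would keep reverting at the old address; the new nonce yields a fresh one.
    function removeController(address borrower) external {
        require(msg.sender == admin, "not admin");
        if (computeControllerAddress(borrower).code.length == 0) revert NoControllerDeployed();
        nonceOf[borrower] += 1;
    }
}
```

With the nonce left at 0, a second deployController call by the same borrower reverts with ControllerAlreadyDeployed; after removeController, the next call deploys to a different address.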

c4-pre-sort commented 10 months ago

minhquanym marked the issue as low quality report

minhquanym commented 10 months ago

Consider QA

c4-judge commented 10 months ago

MarioPoneder marked the issue as unsatisfactory: Insufficient proof