code-423n4 / 2023-11-kelp-findings


The updateAssetStrategy function requires a whitelist #268

Closed c4-submissions closed 10 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTConfig.sol#L109-L122

Vulnerability details

Impact

Check whether the entered strategy parameter is in the whitelist. Otherwise, faulty addresses may appear, causing losses.

Proof of Concept

function updateAssetStrategy(
    address asset,
    address strategy
)
    external
    onlyRole(DEFAULT_ADMIN_ROLE)
    onlySupportedAsset(asset)
{
    UtilLib.checkNonZeroAddress(strategy);

    // @ (marker from the report)
    if (assetStrategy[asset] == strategy) {
        revert ValueAlreadyInUse();
    }
    assetStrategy[asset] = strategy;
}

https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTConfig.sol#L109-L122

Tools Used

vs

Recommended Mitigation Steps

add check

Assessed type

Context
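An added example, not part of the report and not Kelp's code: one way the check the report asks for could look, written as a standalone contract. The allowlist mapping, the separate `allowlistManager` address, the events and the extra errors are assumptions made for illustration; the `onlySupportedAsset` modifier and the role library from the original are left out so the contract compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

/// Added illustration, not Kelp's LRTConfig. Every name except
/// updateAssetStrategy, assetStrategy and ValueAlreadyInUse is hypothetical.
contract StrategyAllowlistExample {
    error NotAuthorized();
    error ZeroAddress();
    error StrategyNotAllowlisted(address strategy);
    error ValueAlreadyInUse();

    event StrategyAllowlistUpdated(address indexed strategy, bool allowed);
    event AssetStrategyUpdated(address indexed asset, address indexed strategy);

    address public immutable admin;            // stands in for DEFAULT_ADMIN_ROLE
    address public immutable allowlistManager; // assumed to be a separate key, e.g. a timelock

    mapping(address => bool) public isAllowlistedStrategy;
    mapping(address => address) public assetStrategy;

    constructor(address admin_, address allowlistManager_) {
        if (admin_ == address(0) || allowlistManager_ == address(0)) revert ZeroAddress();
        admin = admin_;
        allowlistManager = allowlistManager_;
    }

    /// Vetting step: only the allowlist manager can approve or revoke a strategy.
    function setStrategyAllowed(address strategy, bool allowed) external {
        if (msg.sender != allowlistManager) revert NotAuthorized();
        if (strategy == address(0)) revert ZeroAddress();
        isAllowlistedStrategy[strategy] = allowed;
        emit StrategyAllowlistUpdated(strategy, allowed);
    }

    function updateAssetStrategy(address asset, address strategy) external {
        if (msg.sender != admin) revert NotAuthorized();
        if (strategy == address(0)) revert ZeroAddress();
        // The check the report asks for: reject strategies that were not vetted beforehand.
        if (!isAllowlistedStrategy[strategy]) revert StrategyNotAllowlisted(strategy);
        if (assetStrategy[asset] == strategy) revert ValueAlreadyInUse();
        assetStrategy[asset] = strategy;
        emit AssetStrategyUpdated(asset, strategy);
    }
}
```

Revoking a strategy in this sketch does not clear an `assetStrategy` entry that already points to it; that would need its own handling.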

c4-pre-sort commented 11 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 11 months ago

raymondfam marked the issue as primary issue

raymondfam commented 11 months ago

N-33 from the bot.

c4-judge commented 10 months ago

fatherGoose1 marked the issue as unsatisfactory: Invalid