Lines of code
https://github.com/code-423n4/2024-01-salty/blob/main/src/ExchangeConfig.sol#L48
Vulnerability details
Impact
setContracts can only be called once, but while dao is the zero address the check can be bypassed. The owner can then set the addresses of many parameters multiple times.
The airdrop address is expected to be set only once. When the airdrop address can be reset, this affects functions that use the return value of walletHasAccess() to verify legitimacy, including CollateralAndLiquidity.sol borrowUSDS(), Liquidity.sol _depositLiquidityAndIncreaseShare(), and Staking.sol stakeSALT().
The upkeep address is expected to be set only once. When the upkeep address can be reset, withdrawArbitrageProfits() from DAO.sol can be used to withdraw the WETH arbitrage profits. It also affects all functions that check permissions using msg.sender == address(exchangeConfig.upkeep).
Proof of Concept
https://github.com/code-423n4/2024-01-salty/blob/main/src/ExchangeConfig.sol#L48
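The following is an added example, not code from ExchangeConfig.sol or from the report's author: a minimal model of a set-once guard keyed on dao being zero, as the finding describes, next to a hardened form. The contract name, function names, the three-address parameter list and the contractsSet flag are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative model only. All names here are assumptions for this example.
contract SetOnceModel {
    address public immutable owner;
    address public dao;
    address public upkeep;
    address public airdrop;
    bool private contractsSet; // explicit latch used only by the hardened form

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Weak form: "already called" is inferred from dao being non-zero.
    // If _dao is address(0), dao stays zero after the call, the guard passes
    // again, and upkeep and airdrop can be overwritten by a later call.
    function setContractsWeak(address _dao, address _upkeep, address _airdrop)
        external
        onlyOwner
    {
        require(dao == address(0), "setContracts can only be called once");
        dao = _dao;
        upkeep = _upkeep;
        airdrop = _airdrop;
    }

    // Hardened form: latch on a dedicated flag and reject zero addresses, so
    // the once-only property does not depend on the value of any argument.
    function setContractsHardened(address _dao, address _upkeep, address _airdrop)
        external
        onlyOwner
    {
        require(!contractsSet, "setContracts can only be called once");
        require(_dao != address(0), "dao is zero");
        require(_upkeep != address(0), "upkeep is zero");
        require(_airdrop != address(0), "airdrop is zero");
        contractsSet = true;
        dao = _dao;
        upkeep = _upkeep;
        airdrop = _airdrop;
    }
}
```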
Tools Used
Recommended Mitigation Steps
Assessed type
Invalid Validation