Open c4-bot-9 opened 8 months ago
These are correct as per the Blast docs
EDIT: the docs have also been updated since I left this comment.
The contract addresses are for Blast Sepolia, which are correct. The Blast docs were also updated after the code was frozen, so there is no way we could have known about the new addresses prior to the audit.
0xleastwood marked the issue as unsatisfactory: Invalid
0xleastwood changed the severity to QA (Quality Assurance)
Lines of code
https://github.com/code-423n4/2024-02-thruster/blob/main/thruster-protocol/thruster-cfmm/contracts/ThrusterYield.sol#L10-L11
Vulnerability details
Proof of Concept
There are multiple places in the code where USDB and WETHB addresses are set to the wrong addresses. An example is the ThrusterYield contract.
These addresses are used to set yield mode and then claim it. Because of the wrong addresses, deployment of such contracts will revert.
Impact
Deployment will revert.
Tools Used
VS Code
Recommended Mitigation Steps
Change to correct addresses.
Assessed type
Error