Closed c4-bot-6 closed 3 months ago
Admin mistake as Med
GalloDaSballo marked the issue as insufficient quality report
Admin actions are clearly stated as OUT OF SCOPE! Centralization topics of admin inputs are not part of this competition. Please dismiss this.
trust1995 marked the issue as unsatisfactory: Out of scope
Lines of code
https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/PowerFarms/PowerFarmNFTs/PowerFarmNFTs.sol#L51-L60
Vulnerability details
Description:
If
setFarmContract::farmContract
address is mistakenly set to a different address, it becomes unchangeable since we require to pass a check offarmContract == ZERO_ADDRESS
before we can change the address which in this is going to fail.Impact:
we cant change farmContract address if it is not the zero address and if there is a need to change, the protocol will hav to redeployt the contract
Tools Used
Manual Review
Proof Of Concept:
Recommended Mitigation Steps:
Change the
setFarmContract
logicAssessed type
call/delegatecall