Closed c4-bot-2 closed 5 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as primary issue
Ownable(owner_) that PrizeVault inherits will have this taken care of:
hansfriese marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/PrizeVaultFactory.sol#L92
Vulnerability details
Impact
The protocol will be unable to call the OnlyOwner protected functions in the PrizeVault.
Proof of Concept
After the PrizeVaultFactory deploys the PrizeVault, it doesn't transfer ownership of the contract to the msg.sender, retaining the ownership rights. As the PrizeVaultFactory doesn't have the functionality to call functions protected by the OnlyOwner modifier, the protocol will be unable to call those functions.
Tools Used
Manual Audit
Recommended Mitigation Steps
Transfer ownership to the PrizeVault deployer or add functionality in the PrizeVaultFactory to call the setter functions.
Assessed type
Other
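
The Ownable(owner_) comment in this thread describes an owner set through the vault's constructor. The sketch below is an added example, not code from the PoolTogether repository: it shows a factory that forwards an owner argument to the vault constructor and a check that the factory never holds ownership. All contract and function names (MiniOwnable, MiniVault, MiniVaultFactory, OwnershipCheck, setClaimer) are hypothetical, and it assumes the factory passes the owner through as a deploy parameter.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Added illustration; every contract and function name here is hypothetical.
// Minimal stand-in for an Ownable base whose constructor sets the owner.
abstract contract MiniOwnable {
    address public owner;

    error NotOwner(address caller);

    constructor(address owner_) {
        require(owner_ != address(0), "owner is zero");
        owner = owner_;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }
}

// Vault whose owner is a constructor argument, not msg.sender of the deploy.
contract MiniVault is MiniOwnable {
    address public claimer;

    constructor(address owner_) MiniOwnable(owner_) {}

    function setClaimer(address claimer_) external onlyOwner {
        claimer = claimer_;
    }
}

// Factory that forwards the caller-chosen owner; it never owns the vault.
contract MiniVaultFactory {
    event NewVault(MiniVault indexed vault, address indexed owner);

    function deployVault(address owner_) external returns (MiniVault vault) {
        vault = new MiniVault(owner_);
        emit NewVault(vault, owner_);
    }
}

// Check harness: deploys through the factory, naming itself as owner.
contract OwnershipCheck {
    function run() external returns (bool) {
        MiniVaultFactory factory = new MiniVaultFactory();
        MiniVault vault = factory.deployVault(address(this));
        require(vault.owner() == address(this), "owner not forwarded");
        require(vault.owner() != address(factory), "factory kept ownership");
        vault.setClaimer(address(0xBEEF)); // succeeds: caller is the owner
        return vault.claimer() == address(0xBEEF);
    }
}
```

When reviewing a factory for this class of report, the thing to check is whether the deployed contract's constructor takes the owner as an argument or defaults it to msg.sender, since only the latter leaves the factory as owner.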