search

code-423n4 / 2024-03-pooltogether-findings

5 stars 4 forks source link

the PriveVaultFactory doesn't transfer ownership to the msg.sender in the function deployVault #312

Closed c4-bot-2 closed 5 months ago

c4-bot-2 commented 5 months ago

Lines of code

https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/PrizeVaultFactory.sol#L92

Vulnerability details

Impact

The protocol will be unable to call the OnlyOwner protected functions in the PrizeVault

Proof of Concept

After the PriveVaultFactory deploys the PrizeVault, it doesn't transfer ownership of the contract to the msg.sender, retaining the ownership rights. as the PrizeVaultFactory doesn't have the functionality to call functions protected by the OnlyOwner modifier, the protocol will be unable to call those functions.

Tools Used

Manual Audit

Recommended Mitigation Steps

transfer ownership to the PrizeVault deployer or add functionality in the PriveVaultFactory to call the setter functions

Assessed type

Other

c4-pre-sort commented 5 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 5 months ago

raymondfam marked the issue as primary issue

raymondfam commented 5 months ago

Ownable(owner_) that PrizeVault inherits will have this taken care of:

https://github.com/code-423n4/2024-03-pooltogether/blob/480d58b9e8611c13587f28811864aea138a0021a/pt-v5-vault/src/PrizeVault.sol#L299

c4-judge commented 5 months ago

hansfriese marked the issue as unsatisfactory: Invalid