code-423n4 / 2024-05-munchables-findings


Missing a check #473

Closed howlbot-integration[bot] closed 3 months ago

howlbot-integration[bot] commented 3 months ago

Lines of code

https://github.com/code-423n4/2024-05-munchables/blob/57dff486c3cd905f21b330c2157fe23da2a4807d/src/managers/LockManager.sol#L177-L207

Vulnerability details

Impact

If a role approves a USD price proposal and then tries to disapprove it, an exception will be thrown. However, if a user first disapproves a proposal, they are still allowed to approve it afterward. This means a proposal can be approved and disapproved at the same time by the same role.

Proof of Concept

Tools Used

Recommended Mitigation Steps

Add a check if a role has already disapproved the proposal in approveUSDPrice().

Assessed type

Invalid Validation
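
The asymmetry described in the report above, as a simplified Solidity model added here; it is not part of the original report and is not the project's LockManager.sol code. The contract, function, error and variable names are hypothetical, there is a single constructed proposal, and role checks are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Simplified model of a per-proposal approve/disapprove vote.
/// All names are hypothetical; access control is omitted for brevity.
contract PriceProposalVotes {
    error AlreadyApproved();
    error AlreadyDisapproved();

    uint32 public proposalId = 1; // constructed sample: one open proposal
    uint8 public approvalsCount;
    uint8 public disapprovalsCount;

    // voter => id of the proposal they last approved / disapproved
    mapping(address => uint32) public approvals;
    mapping(address => uint32) public disapprovals;

    /// Asymmetric form described in the report: only the approvals
    /// mapping is checked, so disapprove-then-approve succeeds and the
    /// same voter is counted on both sides.
    function approveUnchecked() external {
        if (approvals[msg.sender] == proposalId) revert AlreadyApproved();
        approvals[msg.sender] = proposalId;
        approvalsCount++;
    }

    /// Hardened form: also rejects a voter who already disapproved,
    /// mirroring the two checks in disapprove().
    function approve() external {
        if (approvals[msg.sender] == proposalId) revert AlreadyApproved();
        if (disapprovals[msg.sender] == proposalId) revert AlreadyDisapproved();
        approvals[msg.sender] = proposalId;
        approvalsCount++;
    }

    /// Disapproval checks both mappings, which is why
    /// approve-then-disapprove reverts.
    function disapprove() external {
        if (approvals[msg.sender] == proposalId) revert AlreadyApproved();
        if (disapprovals[msg.sender] == proposalId) revert AlreadyDisapproved();
        disapprovals[msg.sender] = proposalId;
        disapprovalsCount++;
    }
}
```

A unit test for the fix would call disapprove() and then approve() from the same address and expect the AlreadyDisapproved revert, with approvalsCount left unchanged.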

c4-judge commented 3 months ago

alex-ppg marked the issue as satisfactory