BribeFactoryUpgradeable.createBribe() can be called by the voter and the factory owner. While creating bribes, token0 and token1 can be added by the voter. However, the voter is restricted from adding reward tokens later, after the bribes have been created.
function addRewards(address _token, address[] memory _bribes) external onlyOwner {
    for (uint256 i; i < _bribes.length; ) {
        IBribe(_bribes[i]).addRewardToken(_token);
        unchecked {
            i++;
        }
    }
}
This gives more privilege to the owner, and the voter is restricted from adding reward tokens. While adding N reward tokens with N bribes, the voter is allowed along with the owner here. Therefore, both addRewards() functions should be accessible by the voter or the owner.
Recommendations
- function addRewards(address _token, address[] memory _bribes) external onlyOwner {
+ function addRewards(address _token, address[] memory _bribes) external {
+ require(msg.sender == voter || msg.sender == owner(), "only voter or owner");
for (uint256 i; i < _bribes.length; ) {
IBribe(_bribes[i]).addRewardToken(_token);
unchecked {
i++;
}
}
}
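Review bot: the `require` added at the top of `addRewards(address _token, address[] memory _bribes)` covers only this one function, while the description says both addRewards() should be accessible by voter or owner, so the other addRewards() needs the same check or it stays owner-only. Consider moving the condition into a single shared modifier (a hypothetical `onlyVoterOrOwner`, for instance) applied to both functions, so the two checks cannot drift apart.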
Github username: @0xRizwan
Twitter username: 0xRizwann
Submission hash (on-chain): 0x1f6fc52e0c7a280e723747101dd4de7225f0d10b1540c6f20fe6d766387f1216
Severity: low