search

hats-finance / Fenix-Finance-0x83dbe5aa378f3ce160ed084daf85f621289fb92f

0 stars 0 forks source link

No way to remove reward token #8

Open hats-bug-reporter[bot] opened 4 months ago

hats-bug-reporter[bot] commented 4 months ago

Github username: @https://github.com/Pavel2202 Twitter username: https://twitter.com/timenov_pavel Submission hash (on-chain): 0x7b0bc848386f8668cadf59ad039bd12fadd8675a110bde66ebca4dee43c0a196 Severity: low

Description: Description\ In BribeUpgradeable.sol there are 2 function that can add token to the rewardTokens array and update the isRewardToken mapping(to true). However there is no way to remove that token from the array and mapping.

https://github.com/Satsyxbt/Fenix/blob/7b81d318fd9ef6107a528b6bd49bb9383e1b52ab/contracts/bribes/BribeUpgradeable.sol#L352-L369

Attack Scenario\ Describe how the vulnerability can be exploited.

Attachments

  1. Proof of Concept (PoC) File

  2. Revised Code File (Optional)

BohdanHrytsak commented 4 months ago

Thank you for the submission.

Indeed, such functionality is not available in Thena & Chronos, the very absence of this functionality does not create obvious problems except for hypothetical ones, which may also be based on misconfiguration on the part of the Owner

  1. This functionality is inherited from Thena & Chronos, OOS
  2. In case of problems with the added token, there is always a set of mitigations elsewhere that help to avoid any negative consequences