Open hats-bug-reporter[bot] opened 1 week ago
This is an intentional design choice. Asset managers select the tokens allowed for the portfolio during its creation to prevent unexpected events, such as asset managers rebalancing to self-created tokens or other tokens with high risk. Therefore, updating the token whitelist after initialization should not be possible.
Github username: --
Twitter username: --
Submission hash (on-chain): 0x5f595ae8fc1d8a0b6fab8d9cc545ec6394773561cb044cc4f9dd17400fb1444f
Severity: medium

Description:
The contract TokenWhitelistManagement.sol has a function __TokenWhitelistManagement_init that adds the token to the whitelisting array, but only during the initialisation via calling the internal function _addTokensToWhitelist; however, there is no function that can be directly called to add more tokens in the whitelist whitelistedTokens[_token] mapping.

Attack Scenario:
This is a flawed design: if you look at the UserWhitelistManagement.sol contract, the users are added via function whitelistUser, but in TokenWhitelistManagement.sol this is only done while initialising the contract.

Attachments
Proof of Concept (PoC) File
Revised Code File (Optional): Add a function just like the implementation of UserWhitelistManagement.sol contract to add more tokens to whitelist.
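
The pattern discussed in this thread, as an added sketch that is not the audited project's code: a whitelist whose only writer is the initializer, so a rebalance check against it cannot be widened later. Only the names `_addTokensToWhitelist` and `whitelistedTokens` come from the report; `init`, `manager`, `rebalanceTo`, the `initialized` flag and the custom errors are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; NOT the audited project's code.
contract InitOnlyTokenWhitelist {
    error AlreadyInitialized();
    error ZeroAddress();
    error NotManager();
    error TokenNotWhitelisted(address token);

    mapping(address => bool) public whitelistedTokens;
    address public manager;   // hypothetical asset-manager role
    bool private initialized; // minimal stand-in for a proxy framework's initializer guard

    // Stand-in for __TokenWhitelistManagement_init: the only path that writes the mapping.
    function init(address _manager, address[] calldata _tokens) external {
        if (initialized) revert AlreadyInitialized();
        if (_manager == address(0)) revert ZeroAddress();
        initialized = true;
        manager = _manager;
        _addTokensToWhitelist(_tokens);
    }

    // Internal and reachable only from init(): no external or public function
    // calls it, so the token set is frozen once initialization completes.
    function _addTokensToWhitelist(address[] calldata _tokens) internal {
        for (uint256 i = 0; i < _tokens.length; i++) {
            if (_tokens[i] == address(0)) revert ZeroAddress();
            whitelistedTokens[_tokens[i]] = true;
        }
    }

    // Hypothetical rebalance entry point: even the manager cannot move the
    // portfolio into a token that was not fixed at creation.
    function rebalanceTo(address _token) external view returns (bool) {
        if (msg.sender != manager) revert NotManager();
        if (!whitelistedTokens[_token]) revert TokenNotWhitelisted(_token);
        return true; // the swap itself is out of scope for this sketch
    }
}
```

Reviewing such a design comes down to confirming that every write to `whitelistedTokens` is reachable only through the one-shot initializer.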