search

sherlock-audit / 2022-10-illuminate-judging

3 stars 0 forks source link

__141345__ - Element and APWine upgrade could break created market #199

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

141345

medium

Element and APWine upgrade could break created market

Summary

In createMarket(), Element vault and APWine router allowance are set. However if in the future these 2 contract were upgraded the address could change, while currently there were no methods to update the Element vault and APWine router info, the current Marketplace contract has to be redeployed to adapt the external contract upgrades.

Vulnerability Detail

The approve() to set the allowance is only available in the createMarket() function. No future updates can be done according to current setup.

Impact

The functions related to Element vault and APWine router transfer will not work if these 2 contracts upgrade and change address in the future. The current Marketplace contract has to be redeployed.

Code Snippet

https://github.com/sherlock-audit/2022-10-illuminate/blob/main/src/Marketplace.sol#L182

Tool used

Manual Review

Recommendation

Add method to update e and a info in Marketplace.sol.

sourabhmarathe commented 1 year ago

We have an admin enabled approve method that covers this case. In the event that APWine or Element's contracts are updated, we will be able to approve them in the event either protocol upgrades their contracts.