Open sherlock-admin opened 1 year ago
Message from sponsor
Acknowledged. We added the check for the owner to be whitelisted for a callback on purchase to provide a shutdown mechanism in the event of a malicious callback. The ownership transfer functionality is meant to be used when a callback isn't being used to payout market purchases. E.g. create a market with an EOA from a script and transfer ownership to a multisig for payouts (would also require multisig to approve the teller for the capacity in payout tokens).
xiaoming90
medium
Transferring Ownership Might Break The Market
Summary
After the transfer of the market ownership, the market might stop working, and no one could purchase any bond token from the market leading to a loss of sale for the market makers.
Vulnerability Detail
The
callbackAuthorized
mapping contains a list of whitelisted market owners authorized to use the callback. When the users call thepurchaseBond
function, it will check at Line 390 if the current market owner is still authorized to use a callback. Otherwise, the function will revert.https://github.com/sherlock-audit/2022-11-bond/blob/main/src/bases/BondBaseSDA.sol#L379
However, if the market owner transfers the market ownership to someone else. The market will stop working because the new market owner might not be on the list of whitelisted market owners (
callbackAuthorized
mapping). As such, no one can purchase any bond token.https://github.com/sherlock-audit/2022-11-bond/blob/main/src/bases/BondBaseSDA.sol#L336
Impact
After the transfer of the market ownership, the market might stop working, and no one could purchase any bond token from the market leading to a loss of sale for the market makers.
Code Snippet
https://github.com/sherlock-audit/2022-11-bond/blob/main/src/bases/BondBaseSDA.sol#L379
https://github.com/sherlock-audit/2022-11-bond/blob/main/src/bases/BondBaseSDA.sol#L336
Tool used
Manual Review
Recommendation
Before pushing the ownership, if the market uses a callback, implement an additional validation check to ensure that the new market owner has been whitelisted to use the callback. This will ensure that transferring the market ownership will not break the market due to the new market owner not being whitelisted.