addProtocol() can override another protocol by accident
Summary
addProtocol() can override another protocol by accident.
Vulnerability Detail
When adding a Protocol and vault to the Controller, the DAO calls addProtocol() and passes in several important values like _vaultNumber and _name. These value's existence in the protocol are not checked and it may override an existing protocol.
peanuts
medium
addProtocol() can override another protocol by accident
Summary
addProtocol() can override another protocol by accident.
Vulnerability Detail
When adding a Protocol and vault to the Controller, the DAO calls
addProtocol()
and passes in several important values like_vaultNumber
and_name
. These value's existence in the protocol are not checked and it may override an existing protocol.Impact
Previous protocol and vault may be overridden.
Code Snippet
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/Controller.sol#L146-L164
Tool used
Manual Review
Recommendation
Recommend adding checks that the latestProtocolId[_vaultNumber] does not exist beforehand.