Closed sherlock-admin closed 1 year ago
ff
medium
connext address is immutable
Summary
The Connext address used by the XProvider to make all cross chain messaging / calls is immutable.
Vulnerability Detail
The connext contract is used for all cross chain messaging / transfer and cannot be changed.
Impact
If the Connext team updates their contract for security reasons, the Derby Protocol cannot update it.
Code Snippet
address public immutable connext;
Tool used
Manual Review
Recommendation
Remove the immutable attribute from the connext variable and add a setter accessible for guardian / dao users.
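
A sketch of the recommended change, added here as an illustration and not taken from the Derby code base. Only the `connext` variable comes from the report; the contract name, `dao`, `onlyDao`, `setConnext` and `ConnextUpdated` are assumed names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.11;

/// Added illustration, not Derby's XProvider. Every name except `connext`
/// is hypothetical: XProviderSketch, dao, onlyDao, setConnext, ConnextUpdated.
contract XProviderSketch {
    // Before (as reported): address public immutable connext;
    address public connext; // storage variable, so it can be repointed
    address public dao;     // assumed governance account allowed to repoint it

    // Emitted on every change so off-chain monitoring can alert on it.
    event ConnextUpdated(address indexed previous, address indexed current);

    modifier onlyDao() {
        require(msg.sender == dao, "XProvider: only DAO");
        _;
    }

    constructor(address _connext, address _dao) {
        require(_dao != address(0), "XProvider: zero dao");
        dao = _dao;
        _setConnext(_connext);
    }

    /// Repoint cross-chain messaging at a new Connext deployment.
    function setConnext(address _connext) external onlyDao {
        _setConnext(_connext);
    }

    function _setConnext(address _connext) internal {
        // Reject the zero address and plain accounts: the target must hold code.
        require(_connext != address(0), "XProvider: zero connext");
        require(_connext.code.length > 0, "XProvider: connext not a contract");
        emit ConnextUpdated(connext, _connext);
        connext = _connext;
    }
}
```

The setter turns the Connext address into a governance-controlled value, so whoever holds the `dao` role can redirect all cross-chain calls; the emitted event gives operators a signal to watch for unexpected changes.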