search

sherlock-audit / 2023-01-derby-judging

4 stars 1 forks source link

peanuts - Protocols that are blacklisted cannot be whitelisted again #409

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

peanuts

medium

Protocols that are blacklisted cannot be whitelisted again

Summary

Protocols that are blacklisted cannot be whitelisted again.

Vulnerability Detail

The vault can blacklist a protocol by calling setProtocolBlacklist(). However, it cannot revert the change.

  /// @notice Setter for protocol blacklist, given an vaultnumber and protocol number puts the protocol on the blacklist. Can only be called by vault.
  /// @param _vaultNumber Number of the vault
  /// @param _protocolNum Protocol number linked to protocol vault
  function setProtocolBlacklist(
    uint256 _vaultNumber,
    uint256 _protocolNum
  ) external override onlyVault {
    protocolBlacklist[_vaultNumber][_protocolNum] = true;
  }

Impact

Protocols that are blacklisted cannot be whitelisted again.

Code Snippet

https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/Controller.sol#L113-L122

Tool used

Manual Review

Recommendation

Recommend adding a parameter like isBlacklist so that the vault has the option to revert its blacklist, in case it does it accidentally.

  function setProtocolBlacklist(
    uint256 _vaultNumber,
    uint256 _protocolNum
+   bool isBlacklist
  ) external override onlyVault {
    protocolBlacklist[_vaultNumber][_protocolNum] = isBlacklist;
  }