Protocols that are blacklisted cannot be whitelisted again
Summary
Protocols that are blacklisted cannot be whitelisted again.
Vulnerability Detail
The vault can blacklist a protocol by calling setProtocolBlacklist(). However, it cannot revert the change.
/// @notice Setter for protocol blacklist, given an vaultnumber and protocol number puts the protocol on the blacklist. Can only be called by vault.
/// @param _vaultNumber Number of the vault
/// @param _protocolNum Protocol number linked to protocol vault
function setProtocolBlacklist(
uint256 _vaultNumber,
uint256 _protocolNum
) external override onlyVault {
protocolBlacklist[_vaultNumber][_protocolNum] = true;
}
Impact
Protocols that are blacklisted cannot be whitelisted again.
peanuts
medium
Protocols that are blacklisted cannot be whitelisted again
Summary
Protocols that are blacklisted cannot be whitelisted again.
Vulnerability Detail
The vault can blacklist a protocol by calling
setProtocolBlacklist()
. However, it cannot revert the change.Impact
Protocols that are blacklisted cannot be whitelisted again.
Code Snippet
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/Controller.sol#L113-L122
Tool used
Manual Review
Recommendation
Recommend adding a parameter like
isBlacklist
so that the vault has the option to revert its blacklist, in case it does it accidentally.