Closed sherlock-admin closed 1 year ago
ak1
high
MainVault.sol - addToWhitelist can be called by the guardian to set the particular address as whitelisted.
It is used to set the whitelist always. But there are not function to revoke this.
if the whitelisted address turn into malicious or compromised, no one can control it.
refer the summary section.
If the whitelisted address truns into malicious or compramised, huardian can not control this address and revoke the whitelist.
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/MainVault.sol#L471-L474
Manual Review
Add one more function to revoke the whitelist permission.
Duplicate of #376
ak1
high
MainVault.sol : Guardian can not revoke the whitelisted address if that address turns into malicous or compromised.
Summary
MainVault.sol - addToWhitelist can be called by the guardian to set the particular address as whitelisted.
It is used to set the whitelist always. But there are not function to revoke this.
if the whitelisted address turn into malicious or compromised, no one can control it.
Vulnerability Detail
refer the summary section.
Impact
If the whitelisted address truns into malicious or compramised, huardian can not control this address and revoke the whitelist.
Code Snippet
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/MainVault.sol#L471-L474
Tool used
Manual Review
Recommendation
Add one more function to revoke the whitelist permission.
Duplicate of #376