High
Blacklisted protocols can be added again with a new protocol number with the addProtcol function in controller.sol.
There is no check implemented to prevent a blacklisted protocol from being readded since a new protocolNumber is computed for it in addProtocol.
Impact
Through an error, the Dao can add a blacklisted protocol.
josephdara
high
Add protocol
Summary
High Blacklisted protocols can be added again with a new protocol number with the addProtcol function in controller.sol. There is no check implemented to prevent a blacklisted protocol from being readded since a new protocolNumber is computed for it in addProtocol.
Impact
Through an error, the Dao can add a blacklisted protocol.
Code Snippet
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/Controller.sol#L146 ` function addProtocol( string calldata _name, uint256 _vaultNumber, address _provider, address _protocolLPToken, address _underlying, address _govToken, uint256 _uScale ) external onlyDao returns (uint256) { uint256 protocolNumber = latestProtocolId[_vaultNumber];
}`
Tool used
Remix
Manual Review
Recommendation
I suggest a new mapping from an address to a uint to manage blacklisted protocols and a require statement in addProtocol.
Vulnerability Detail
This can enable malicious protocols