search

sherlock-audit / 2023-01-sentiment-judging

2 stars 0 forks source link

Bahurum - Use of controller `DNGMXVaultController` for two separate contracts with different functions #25

Closed github-actions[bot] closed 1 year ago

github-actions[bot] commented 1 year ago

Bahurum

informational

Use of controller DNGMXVaultController for two separate contracts with different functions

Summary

DNGMXVaultController must be deployed twice to control calls to two separate contracts withdrawPeriphery and depositPeriphery. While this poses no issues, it can be confusing.

Vulnerability Detail

DNGMXVaultController controls calls to the function depositToken(address,address,uint256) of depositPeriphery and to functions redeemToken(address,address,uint256) and withdrawToken(address,address,uint256) of withdrawPeriphery. It must be deployed twice, one contract for each Perphery. It can be confusing for someone looking at the chain to have functions for withdrawPeriphery in the controller of depositPeriphery and vice-versa.

Impact

Can be confusing to have a controller which contains checks for functions that are not present in the target integration.

Code Snippet

https://github.com/sherlock-audit/2023-01-sentiment/blob/main/controller-52/src/rage/DNGMXVaultController.sol#L15-L22

Tool used

Manual Review

Recommendation

Consider using two different contracts for controlling calls to withdrawPeriphery and to depositPeriphery, each containing only the checks to the functions to be called on the target integration.