Hard to change the positions of registered depositors
Summary
In UXDRouter, only the first registered depositor in _depositoriesForAsset is used. And It is hard to change the positions of registered depositors. If the owner wants to abandon the first registered depositor and use another depositor. The owner can not directly change the positions.
Vulnerability Detail
function unregisterDepository(address depository, address assetToken)
external
onlyOwner
{
bool foundByAsset = false;
address[] storage byAsset = _depositoriesForAsset[assetToken];
if (byAsset.length == 0) {
revert NotExists(assetToken);
}
for (uint256 i = 0; i < byAsset.length; i++) {
if (byAsset[i] == depository) {
foundByAsset = true;
byAsset[i] = byAsset[byAsset.length - 1];
byAsset.pop();
break;
}
}
if (!foundByAsset) {
revert NotExists(assetToken);
}
emit DepositoryUnregistered(assetToken, depository);
}
If the number of the registered depositors is 10 and the owner wants to use the 5th registered depositor instead of the first depositor. The owner has to take the following step
unregistered 5th depositor
registered 5th depositor back (Move 5th depositor to the last position)
unregistered 1st depositor (Move the last depositor to the first position)
Impact
It is hard for the owner to choose the desired depositors from _depositoriesForAsset.
GimelSec
medium
Hard to change the positions of registered depositors
Summary
In
UXDRouter
, only the first registered depositor in_depositoriesForAsset
is used. And It is hard to change the positions of registered depositors. If the owner wants to abandon the first registered depositor and use another depositor. The owner can not directly change the positions.Vulnerability Detail
If the number of the registered depositors is 10 and the owner wants to use the 5th registered depositor instead of the first depositor. The owner has to take the following step
Impact
It is hard for the owner to choose the desired depositors from
_depositoriesForAsset
.Code Snippet
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/core/UXDRouter.sol#L59 https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/core/UXDRouter.sol#L101 https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/core/UXDRouter.sol#L90
Tool used
Manual Review
Recommendation
Add a function to change the positions of registered depositors
Duplicate of #255