Closed sherlock-admin closed 1 year ago
Escalate for 10 USDC.
Clearly, it is not a duplicate of #110. This issue should be invalid altogether, the check is not necessary because only the factory can change the controller: https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/VaultV2.sol#L247
Escalate for 10 USDC.
Clearly, it is not a duplicate of #110. This issue should be invalid altogether, the check is not necessary because only the factory can change the controller: https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/VaultV2.sol#L247
You've created a valid escalation for 10 USDC!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Ok agreed, not a duplicate of this one but it doesn't mean it is invalid.
If we look in controller contract, factory is set via constructor and is immutable variable and there is no setter function for factory as it is immutable.
We can set controller in the factory contract for the particular factory, problem is while setting controller we never check if the particular controller has factory assigned as this current address.
Same goes for changeController function, it never checks either whether the contract we are setting has the factory address of this or not.
From design of Y2k if a wrong factory address is set on the controller, it will lead to never triggering the depeg , endEpoch and nullEpoch functions.
Though it requires the operator mistake, but impact of the mistake goes far beyond, so marked it as medium.
Solution could be either make factory mutable and add a setter function or develop some mechanism to cross check.
Escalate for 10 USDC
Issue is not duplicate but a valid one as described above
Escalate for 10 USDC
Issue is not duplicate but a valid one as described above
You've created a valid escalation for 10 USDC!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
Escalation accepted
Invalid issue Not a duplicate of #110 The roles are trusted to make these necessary changes.
Escalation accepted
Invalid issue The roles are trusted to make these necessary changes.
This issue's escalations have been accepted!
Contestants' payouts and scores will be updated according to the changes made on this issue.
0xnirlin
medium
Can change controller on factory without checking if the factory on controller is set to right factory.
Summary
Can change controller on factory without checking if the factory on controller is set to right factory.
Vulnerability Detail
We can change controller on factory by following code
So controller will be set without checking with the controller itself, just checking for whitelist
Impact
Unexpected reverts and behaviour will occur.
Code Snippet
https://github.com/sherlock-audit/2023-03-Y2K/blob/main/Earthquake/src/v2/VaultFactoryV2.sol#L286
Tool used
Manual Review
Recommendation
Add necessary checks on both side for the compatibility