function removeBlackList(address clearedUser) public onlyGuardian {
isBlackListed[clearedUser] = false;
emit RemovedBlackList(clearedUser);
}
This function is to remove blacklist.
The issue is it has no existing check, whatever param is, it will emit a message, if clearedUser does not exist, remove msg will also be emitted.
Impact
Error emit message will be Emit.
POC: paste below code in ERC20Token.t.sol
function testRemoveBlackListErrorMsg() public {
vm.startPrank(Guardian);
token.removeBlackList(address(0) );
token.removeBlackList(address(0) );
token.removeBlackList(address(0) );
vm.stopPrank();
}
command: forge test --match-test testRemoveBlackListErrorMsg -vvvv
twcctop
medium
removeBlackList() may emit error message
Summary
removeBlackList() may emit an error message
Vulnerability Detail
This function is to remove blacklist. The issue is it has no existing check, whatever param is, it will emit a message, if clearedUser does not exist, remove msg will also be emitted.
Impact
Error emit message will be Emit. POC: paste below code in ERC20Token.t.sol
command: forge test --match-test testRemoveBlackListErrorMsg -vvvv
Code Snippet
https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/ERC20Token.sol#L272-275
Tool used
Manual Review
Recommendation
add existing check