Missing Validation _owner argument could indefinitely lock owner role
High
Summary
Table of Contents
Number
Issues Details
Count
[H-2]
Missing Validation _owner argument could indefinitely lock owner role
1
Vulnerability Detail
During adding a new multipool in the list of supported pools there is no check for _owner argument. Wrong/blank or invalid _owner address can lead to further confusion for specific index.
< Exploit Scenario>
Alice,who is the owner of _multipool1 ,see the event AddNewPool(_multipool1) is triggered. As _owner is compromised so now now he is not able to perform any operations that are in controll of _owner .
As multipool has owner role which can be transferred accordong to openzeppelins Ownable.sol. but here once _owner is added to poolInfo array , it can't be updated . which will lead to different owners in multipool and poolInfo[pid]._owner
Impact
High
Code Snippet
There is 1 instances of this issue:
```solidity
File: concentrator/contracts/Dispatcher.sol
55: function add(
address _owner,
address _multipool,
address _strategy,
address _token0,
address _token1
) external onlyOwner {
PoolInfo memory pInfo = PoolInfo({
owner: _owner,
multipool: _multipool,
strategy: _strategy,
token0: _token0,
token1: _token1
});
poolInfo.push(pInfo);
emit AddNewPool(_multipool);
72: }
```
https://github.com/sherlock-audit/2023-06-real-wagmi/blob/main/concentrator/contracts/Dispatcher.sol#L55
Tri-pathi
false
Missing Validation _owner argument could indefinitely lock owner role
High
Summary
Table of Contents
Vulnerability Detail
During adding a new multipool in the list of supported pools there is no check for _owner argument. Wrong/blank or invalid _owner address can lead to further confusion for specific index.
< Exploit Scenario>
Alice,who is the owner of
_multipool1,see the eventAddNewPool(_multipool1)is triggered. As_owneris compromised so now now he is not able to perform any operations that are in controll of_owner.As
multipoolhas owner role which can be transferred accordong to openzeppelinsOwnable.sol. but here once_owneris added topoolInfoarray , it can't be updated . which will lead to different owners inmultipoolandpoolInfo[pid]._ownerImpact
High
Code Snippet
There is 1 instances of this issue:
```solidity File: concentrator/contracts/Dispatcher.sol 55: function add( address _owner, address _multipool, address _strategy, address _token0, address _token1 ) external onlyOwner { PoolInfo memory pInfo = PoolInfo({ owner: _owner, multipool: _multipool, strategy: _strategy, token0: _token0, token1: _token1 }); poolInfo.push(pInfo); emit AddNewPool(_multipool); 72: } ``` https://github.com/sherlock-audit/2023-06-real-wagmi/blob/main/concentrator/contracts/Dispatcher.sol#L55Tool used
Manual Review
Recommendation
Label
High