Closed sherlock-admin closed 1 year ago
3 comment(s) were left on this issue during the judging contest.
141345 commented:
d
darkart commented:
Works as designed
panprog commented:
invalid because the check reverts if both conditions are true: for coordinator the first condition will be false and it will proceed without reverting
cartlex
medium
COORDINATOR CAN'T UPDATE RISK PARAMETERS AFTER updateCoordinator() FUNCTION USED BY OWNER.
Summary
Functions with
onlyCoordinator
modifier inMarket.sol
contract will always throw after owner updated the coordinator if coordinator is not the owner.Vulnerability Detail
Impact
The owner of the contract decide to update the coordinator and use
updateCoordinator()
function. A new coordinator now can't use function with onlyCoordinator modifier due to condition that coordinator != owner.Code Snippet
https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial/contracts/Market.sol#L606-L610
Tool used
Manual Review
Recommendation
Remove
msg.sender != factory().owner()
condition.