` function addPoolManager(
uint256 _poolId,
address _manager
) external onlyPoolAdmin(_poolId) {
// Reverts if the address is the zero address with 'ZERO_ADDRESS()'
if (_manager == address(0)) revert ZERO_ADDRESS();
// Grants the pool manager role to the '_manager' address
_grantRole(pools[_poolId].managerRole, _manager);
}
`
Tool used
Manual Review
Recommendation
event should be elicited after adding or removing manager roles.
aycozynfada
medium
Centralisation issue as event not emmited after new pool managers are added or removed
when new pool managers are added, the contract does not elicit event to show the new pool managers
Vulnerability Detail
New managers after been made as pool managers would not know that are pool managers which will lead to disruption in pool sequences from allocation to distributon thereby causing denial of service also an Admin can make unapproved address or even invalid address to be pool managers without other pool members finding out https://github.com/sherlock-audit/2023-09-Gitcoin/blob/main/allo-v2/contracts/core/interfaces/IAllo.sol#L289-L308.
Impact
Medium
Code Snippet
` function addPoolManager( uint256 _poolId, address _manager ) external onlyPoolAdmin(_poolId) { // Reverts if the address is the zero address with 'ZERO_ADDRESS()' if (_manager == address(0)) revert ZERO_ADDRESS();
`
Tool used
Manual Review
Recommendation
event should be elicited after adding or removing manager roles.