sherlock-admin2
commented
7 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Closed sherlock-admin closed 7 months ago
sherlock-admin2
commented
7 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
nevillehuang
commented
6 months ago Invalid, not a direct issue related to smart contract
4b
medium
Incomplete
README.mdwhich can mislead researchers.Summary
In the
README.mdfile at line 74, some functions have not been added to the Governor role but they assume that roleVulnerability Detail
looking at
setBlockHeightSubmissionsThresholdandsetSecondsPerBlockfunction you will observe that they assume the Governor role with theonlyGovernormodifier. But in theREADME.mdyou will not find these functions specified in the Governor role section.Impact
The specified section in the README misinforms researchers
Code Snippet
Functions with the role: https://github.com/sherlock-audit/2023-11-covalent/blob/main/cqt-staking/contracts/BlockSpecimenProofChain.sol#L312-L323
Role that needs to be updated in README.md: https://github.com/sherlock-audit/2023-11-covalent/blob/main/README.md?plain=1#L74
Tool used
Manual Review
Recommendation
The Governor role in the ProofChain Contract under the question "Q: Are there any additional protocol roles? If yes, please explain in detail: " needs to be updated with these functions:
setBlockHeightSubmissionsThreshold()andsetSecondsPerBlock()