getReservesByCategory() when useSubmodules =true and submoduleReservesSelector=bytes4(0) will revert
Summary
in getReservesByCategory()
Lack of check data.submoduleReservesSelector!=""
when call submodule.staticcall(abi.encodeWithSelector(data.submoduleReservesSelector)); will revert
Vulnerability Detail
when _addCategory()
if useSubmodules==true, submoduleMetricSelector must not empty
and submoduleReservesSelector can empty (bytes4(0))
bin2chen
medium
getReservesByCategory() when useSubmodules =true and submoduleReservesSelector=bytes4(0) will revert
Summary
in
getReservesByCategory()
Lack of checkdata.submoduleReservesSelector!=""
when callsubmodule.staticcall(abi.encodeWithSelector(data.submoduleReservesSelector));
will revertVulnerability Detail
when
_addCategory()
ifuseSubmodules==true
,submoduleMetricSelector
must not empty andsubmoduleReservesSelector
can empty (bytes4(0))like "protocol-owned-treasury"
but when call
getReservesByCategory()
, don't checksubmoduleReservesSelector!=bytes4(0)
and direct callsubmoduleReservesSelector
this way , when call like
getReservesByCategory(toCategory("protocol-owned-treasury")
will revertPOC
add to
SUPPLY.v1.t.sol
Impact
some category can't get
Reserves
Code Snippet
https://github.com/sherlock-audit/2023-11-olympus/blob/main/bophades/src/modules/SPPLY/OlympusSupply.sol#L541
Tool used
Manual Review
Recommendation