search

sherlock-audit / 2023-11-olympus-judging

9 stars 8 forks source link

bareli - Access Control: The contract uses an onlyParent modifier for admin functions #199

Closed sherlock-admin closed 9 months ago

sherlock-admin commented 9 months ago

bareli

medium

Access Control: The contract uses an onlyParent modifier for admin functions

Summary

Access Control: The contract uses an onlyParent modifier for admin functions, which is a good practice for restricting access to sensitive functions. However, the actual implementation of this modifier is not shown, so it's important to ensure that it properly restricts access to the parent module.

Vulnerability Detail

function removeVaultManager(address vaultManager_) external onlyParent {

}

function addVaultManager(address vaultManager_) external onlyParent { } function INIT() external override onlyParent {}

Impact

it iterates through the entire array twice.it will consume too much gas.

Code Snippet

https://github.com/sherlock-audit/2023-11-olympus/blob/main/bophades/src/modules/SPPLY/submodules/BLVaultSupply.sol#L80 https://github.com/sherlock-audit/2023-11-olympus/blob/main/bophades/src/modules/SPPLY/submodules/BLVaultSupply.sol#L80 https://github.com/sherlock-audit/2023-11-olympus/blob/main/bophades/src/modules/SPPLY/submodules/BLVaultSupply.sol#L80

Tool used

Manual Review

Recommendation

define onlyParent modifier.

nevillehuang commented 9 months ago

Invalid, logic seen here