sherlock-admin2
commented
8 months ago 1 comment(s) were left on this issue during the judging contest.
auditsea commented:
amoMinterBorrow is restriced in library level
Closed sherlock-admin closed 8 months ago
sherlock-admin2
commented
8 months ago 1 comment(s) were left on this issue during the judging contest.
auditsea commented:
amoMinterBorrow is restriced in library level
sherlock-admin2
commented
8 months ago 1 comment(s) were left on this issue during the judging contest.
auditsea commented:
amoMinterBorrow is restriced in library level
nevillehuang
commented
8 months ago Invalid
updateChainLinkCollateralPrice() - Does not require access control, simply updates price to update to date chainlink price, which will benefit all usersamoMinterBorrow() - relevant acces control is already checked here, wherein the caller must be a enabled amo by the admin
bareli
medium
No access control
Summary
There is no onlyAdmin modifier in the updateChainLinkCollateralPrice and amoMinterBorrow.
Vulnerability Detail
function updateChainLinkCollateralPrice(uint256 collateralIndex) external { LibUbiquityPool.updateChainLinkCollateralPrice(collateralIndex); }
function amoMinterBorrow(uint256 collateralAmount) external { LibUbiquityPool.amoMinterBorrow(collateralAmount); }
Impact
Any one calls this function and update the function?
Code Snippet
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/facets/UbiquityPoolFacet.sol#L123
Tool used
Manual Review
Recommendation
use onlyowner modifier.