Closed sherlock-admin closed 6 months ago
1 comment(s) were left on this issue during the judging contest.
auditsea commented:
Input validation
1 comment(s) were left on this issue during the judging contest.
auditsea commented:
Input validation
Invalid, this is purely a sanity check and would constitute admin input erorr not valid based on sherlock rules, see point 5. Additionally gas optimization findings are not valid based on sherlock rules.
bareli
medium
new admin role can be same as old admin
Summary
there is no check whether old admin and new admin are equal or not.
Vulnerability Detail
function setRoleAdmin(bytes32 role, bytes32 adminRole) internal { bytes32 previousAdminRole = getRoleAdmin(role); accessControlStorage().roles[role].adminRole = adminRole; emit RoleAdminChanged(role, previousAdminRole, adminRole); }
Impact
it will cause too much gas use.
Code Snippet
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibAccessControl.sol#L140
Tool used
Manual Review
Recommendation
use a require statement so that it is not equal.