Closed sherlock-admin closed 9 months ago
Invalid, this would constitute user input error not valid based on sherlock rules, so this is purely a sanity check
- User input validation: User input validation to prevent user mistakes is not considered a valid issue.
sonny2k
high
Missing validation if votingToken in OZVotingAdaptor is the same as the token specified by VestingEscrowFactory
Summary
When updating a new voting adaptor, factory owner may choose an OZVotingAdaptor with a different token from the token defined originally in VestingEscrowFactory
Vulnerability Detail
There is no check if the token from these 2 contracts are the same
Impact
User's voting power can be larger than usual if token from VestingEscrowFactory has less value on market than the token in OZVotingAdaptor
Code Snippet
https://github.com/sherlock-audit/2024-01-rio-vesting-escrow/blob/main/rio-vesting-escrow/src/VestingEscrowFactory.sol#L97
Tool used
Manual Review
Recommendation
Perform a check on the OZVotingAdaptor's token before changing it