search

sherlock-audit / 2024-01-rio-vesting-escrow-judging

3 stars 2 forks source link

iberry - The error logical operator && for the condition exist at _checkOwnerOrManager #92

Closed sherlock-admin closed 9 months ago

sherlock-admin commented 9 months ago

iberry

high

The error logical operator && for the condition exist at _checkOwnerOrManager

Summary

_checkOwnerOrManager have a error logical operator &&, this cause _checkOwnerOrManager check invalid and don't revoke Unvested.

Vulnerability Detail

The _checkOwnerOrManager function appears to have a logical error in its conditional statement. The use of the logical AND (&&) operator suggests that the function will only revert if msg.sender is not equal to both _owner() and _manager() simultaneously. However, considering that an address cannot be both the owner and the manager at the same time, this logical condition will always evaluate to false.

https://github.com/sherlock-audit/2024-01-rio-vesting-escrow/blob/main/rio-vesting-escrow/src/VestingEscrow.sol#L246-L250

Impact

Medium

Code Snippet

function _checkOwnerOrManager() internal view {
    if (msg.sender != _owner() && msg.sender != _manager()) {    //  bug 
        revert NOT_OWNER_OR_MANAGER(msg.sender);
    }
}

Tool used

Manual Review

Recommendation

if (msg.sender != _owner() || msg.sender != _manager()) { revert NOT_OWNER_OR_MANAGER(msg.sender); }

Duplicate of #75

sherlock-admin2 commented 9 months ago

1 comment(s) were left on this issue during the judging contest.

pratraut commented:

'invalid due to check is already correct'