sherlock-audit / 2024-02-rubicon-finance-judging


AgileJune - setOwner will always revert without setting owner #2

Closed sherlock-admin closed 9 months ago

sherlock-admin commented 9 months ago

AgileJune

high

setOwner will always revert without setting owner

Summary

setOwner in DSAuth.sol will always revert without setting owner.

Vulnerability Detail

The auth() modifier invokes isAuthorized(msg.sender), which returns false before the owner is set. setOwner() also has the auth modifier, so the owner can't be set. As a result, all functions with the auth() modifier can't be called because of this issue.

Impact

No function with the auth() modifier can ever be called.

Code Snippet

https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/lib/DSAuth.sol#L16-L32
https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/fee-controllers/RubiconFeeController.sol#L120
https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/fee-controllers/RubiconFeeController.sol#L132
https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/fee-controllers/RubiconFeeController.sol#L138
https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/fee-controllers/RubiconFeeController.sol#L142

Tool used

Manual Review

Recommendation

Set the owner in the constructor rather than using the current implementation.

Duplicate of #34

sherlock-admin commented 9 months ago

1 comment(s) were left on this issue during the judging contest.

0xAadi commented:

Invalid: owner is already set using initializer
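
The pattern the report and the judging comment disagree about, as an added sketch that is not part of the thread and not the audited DSAuth.sol: an auth-gated setOwner alongside a one-time initializer. The contract name AuthSketch, the initialized flag, the initialize signature, the event and the revert strings are assumptions; only auth, isAuthorized and setOwner are names taken from the issue.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hypothetical sketch of an owner-gated contract with a one-time initializer.
/// Function names mirror the thread; the bodies are assumed, not copied from
/// the audited code.
contract AuthSketch {
    address public owner;
    bool public initialized; // assumed guard, prevents re-initialization

    event LogSetOwner(address indexed owner);

    modifier auth() {
        require(isAuthorized(msg.sender), "unauthorized");
        _;
    }

    /// One-time setup. Used instead of a constructor when the contract sits
    /// behind a proxy, where constructor writes never reach proxy storage.
    function initialize(address owner_) external {
        require(!initialized, "already-initialized");
        require(owner_ != address(0), "zero-owner");
        initialized = true;
        owner = owner_;
        emit LogSetOwner(owner_);
    }

    /// Reachable only after initialize(): before that, owner is address(0)
    /// and no caller can satisfy auth(), which is the state the report describes.
    function setOwner(address owner_) external auth {
        owner = owner_;
        emit LogSetOwner(owner_);
    }

    function isAuthorized(address src) internal view returns (bool) {
        // msg.sender is never address(0), so this is false for every caller
        // until initialize() has stored a real owner.
        return src == owner;
    }
}
```

When reviewing a contract shaped like this, confirm that deployment calls the initializer in the same transaction as creation, because in this sketch the first caller of initialize becomes the owner.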