Closed sherlock-admin4 closed 5 months ago
1 comment(s) were left on this issue during the judging contest.
WangAudit commented:
medium cause those addresses are set to the same on initialization; fair to admit they have high probability of being different; but due to being the same initially it's medium. Btw; checked the issue on Remix and it will indeed revert
bin2chen
medium
rebalance() Permission Control Error
Summary
In the function rebalance(), the incorrect use of || prevents the rebalancer from enforcing permission restrictions.
Vulnerability Detail
Balancer.rebalance()
The implementation is as follows:
The code above contains an error where the logical OR (||) operator is misused. As a result, the condition for msg.sender requires msg.sender == owner == rebalancer in order to execute successfully.
However, in practice, rebalancer is not the same as owner; it is typically associated with the bot.
The bot will be unable to execute the rebalance() function due to this flawed permission control.
Impact
Incorrect permission control, causing the bot to fail to pass the permission request.
Code Snippet
https://github.com/sherlock-audit/2024-02-tapioca/blob/main/TapiocaZ/contracts/Balancer.sol#L176
Tool used
Manual Review
Recommendation
Duplicate of #89
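The check described in this issue, as an added example that is not part of the original report or of the Tapioca code base: the contract, error and function names are hypothetical, and the flawed condition is reconstructed from the report's statement that the caller must satisfy msg.sender == owner == rebalancer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only. Names are hypothetical; the flawed condition is
// an assumption reconstructed from the issue text, not copied from Balancer.sol.
contract RebalanceAuthDemo {
    address public owner;
    address public rebalancer;

    error NotAuthorized();

    constructor(address _rebalancer) {
        owner = msg.sender;
        rebalancer = _rebalancer;
    }

    // Flawed: whenever owner != rebalancer, at least one of the two
    // inequalities is true for every caller, so the owner, the bot and any
    // stranger all revert. The call only passes when
    // msg.sender == owner == rebalancer.
    function rebalanceFlawed() external view returns (bool) {
        if (msg.sender != owner || msg.sender != rebalancer) {
            revert NotAuthorized();
        }
        return true;
    }

    // Corrected: revert only when the caller holds neither role.
    // De Morgan: !(isOwner || isRebalancer) == (!isOwner && !isRebalancer).
    function rebalanceFixed() external view returns (bool) {
        if (msg.sender != owner && msg.sender != rebalancer) {
            revert NotAuthorized();
        }
        return true;
    }
}
```

Deploying with a rebalancer address different from the deployer and calling both functions from the owner, the rebalancer and a third account shows rebalanceFlawed() reverting for all three, while rebalanceFixed() reverts only for the third account.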