Closed sherlock-admin2 closed 5 months ago
1 comment(s) were left on this issue during the judging contest.
WangAudit commented:
I would say the issue is valid, but the report doesn't mention the impact and whether the rebalancer and owner can be different addresses. Therefore, this is invalid because it doesn't properly explain what the issue is.
ctf_sec
medium
Owner check logic should use && instead of || when rebalancing
Summary
Owner logic should use && instead of ||
Vulnerability Detail
Impact
In the contract Balancer.sol, we should check both owner() and rebalancer; otherwise, balancer address wants to trigger rebalance, but balancer != owner() is True, transaction will revert in NotAuthorized();
Impact
.
Code Snippet
https://github.com/sherlock-audit/2024-02-tapioca/blob/dc2464f420927409a67763de6ec60fe5c028ab0e/TapiocaZ/contracts/Balancer.sol#L169
Tool used
Manual Review
Recommendation
use && instead of ||
Duplicate of #89
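The two forms of the guard discussed in this report, side by side, as an added example that is not part of the original report and is not the Tapioca Balancer code. It assumes the guard has the shape the report describes (compare the caller against the owner and rebalancer, then revert with NotAuthorized); the contract name, function names and counter are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only: a minimal stand-in, not the Tapioca Balancer contract.
/// The names owner, rebalancer and NotAuthorized follow the report; everything
/// else (contract name, function names, the counter) is hypothetical.
contract RebalanceAuthSketch {
    error NotAuthorized();

    address public immutable owner;
    address public rebalancer;
    uint256 public rebalanceCount;

    constructor(address _rebalancer) {
        owner = msg.sender;
        rebalancer = _rebalancer;
    }

    /// Guard written with ||: reverts when the caller is not the owner OR not
    /// the rebalancer. A caller avoids the revert only by equalling both, so
    /// when owner != rebalancer no address can call this, the owner included.
    function rebalanceWithOr() external {
        if (msg.sender != owner || msg.sender != rebalancer) revert NotAuthorized();
        rebalanceCount++;
    }

    /// Guard written with &&: reverts only when the caller is neither the
    /// owner nor the rebalancer, so either role may call.
    function rebalanceWithAnd() external {
        if (msg.sender != owner && msg.sender != rebalancer) revert NotAuthorized();
        rebalanceCount++;
    }

    /// View helpers exposing each predicate, so a unit test can sweep the
    /// owner, the rebalancer and an unrelated address without sending calls.
    function passesOrGuard(address caller) external view returns (bool) {
        return !(caller != owner || caller != rebalancer);
    }

    function passesAndGuard(address caller) external view returns (bool) {
        return !(caller != owner && caller != rebalancer);
    }
}
```

Deployed with a rebalancer different from the deployer, passesOrGuard returns false for every address, while passesAndGuard returns true for exactly the owner and the rebalancer.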