Closed sherlock-admin2 closed 4 months ago
bareli
medium
No check whether market is listed or not.
function setPriceFeed(Market market, IPriceFeed priceFeed) external onlyRole(DEFAULT_ADMIN_ROLE) { if (address(priceFeed) != BASE_FEED && priceFeed.decimals() != priceDecimals) revert InvalidPriceFeed(); markets[market].priceFeed = priceFeed; emit PriceFeedSet(market, priceFeed); }
Sets the adjust factor for a certain market
https://github.com/sherlock-audit/2024-04-interest-rate-model/blob/main/protocol/contracts/Auditor.sol#L382
Manual Review
if (!markets[market].isListed) revert MarketNotListed();
The issue is invalid because the owner is TRUSTED, so it's assumed that the correct values will be provided as parameters in that function.
bareli
medium
no ckeck for market listed for "setPriceFeed"
Summary
No check whether market is listed or not.
Vulnerability Detail
function setPriceFeed(Market market, IPriceFeed priceFeed) external onlyRole(DEFAULT_ADMIN_ROLE) { if (address(priceFeed) != BASE_FEED && priceFeed.decimals() != priceDecimals) revert InvalidPriceFeed(); markets[market].priceFeed = priceFeed; emit PriceFeedSet(market, priceFeed); }
Impact
Sets the adjust factor for a certain market
Code Snippet
https://github.com/sherlock-audit/2024-04-interest-rate-model/blob/main/protocol/contracts/Auditor.sol#L382
Tool used
Manual Review
Recommendation