__Ownable_init is missing in LenderCommitmentGroup_Smart and TellerV2
Summary
__Ownable_init is missing in LenderCommitmentGroup_Smart and TellerV2
Vulnerability Detail
The contracts inherits OwnableUpgradeable from OZ. In order to set the ownership when the contract is initialized, we have to call __Ownable_init, but it's missing from the initialize functions.
TellerV2.sol
function initialize(
uint16 _protocolFee,
address _marketRegistry,
address _reputationManager,
address _lenderCommitmentForwarder,
address _collateralManager,
address _lenderManager,
address _escrowVault
) external initializer {
__ProtocolFee_init(_protocolFee);
__Pausable_init();
require(
_lenderCommitmentForwarder.isContract(),
"LenderCommitmentForwarder must be a contract"
);
lenderCommitmentForwarder = _lenderCommitmentForwarder;
require(
_marketRegistry.isContract(),
"MarketRegistry must be a contract"
);
marketRegistry = IMarketRegistry(_marketRegistry);
require(
_reputationManager.isContract(),
"ReputationManager must be a contract"
);
reputationManager = IReputationManager(_reputationManager);
require(
_collateralManager.isContract(),
"CollateralManager must be a contract"
);
collateralManager = ICollateralManager(_collateralManager);
_setLenderManager(_lenderManager);
_setEscrowVault(_escrowVault);
}
LenderCommitmentGroup_Smart.sol
function initialize(
address _principalTokenAddress,
address _collateralTokenAddress,
uint256 _marketId,
uint32 _maxLoanDuration,
uint16 _interestRateLowerBound,
uint16 _interestRateUpperBound,
uint16 _liquidityThresholdPercent, // When 100% , the entire pool can be drawn for lending. When 80%, only 80% of the pool can be drawn for lending.
uint16 _collateralRatio, //the required overcollateralization ratio. 10000 is 1:1 baseline , typically this is above 10000
uint24 _uniswapPoolFee,
uint32 _twapInterval
) external initializer returns (address poolSharesToken_) {
// require(!_initialized,"already initialized");
// _initialized = true;
__Pausable_init();
principalToken = IERC20(_principalTokenAddress);
collateralToken = IERC20(_collateralTokenAddress);
UNISWAP_V3_POOL = IUniswapV3Factory(UNISWAP_V3_FACTORY).getPool(
_principalTokenAddress,
_collateralTokenAddress,
_uniswapPoolFee
);
require(UNISWAP_V3_POOL != address(0), "Invalid uniswap pool address");
marketId = _marketId;
//in order for this to succeed, first, that SmartCommitmentForwarder needs to be THE trusted forwarder for the market
ITellerV2Context(TELLER_V2).approveMarketForwarder(
_marketId,
SMART_COMMITMENT_FORWARDER
);
maxLoanDuration = _maxLoanDuration;
interestRateLowerBound = _interestRateLowerBound;
interestRateUpperBound = _interestRateUpperBound;
require(interestRateLowerBound <= interestRateUpperBound, "invalid _interestRateLowerBound");
require(_liquidityThresholdPercent <= 10000, "invalid _liquidityThresholdPercent");
liquidityThresholdPercent = _liquidityThresholdPercent;
collateralRatio = _collateralRatio;
twapInterval = _twapInterval;
poolSharesToken_ = _deployPoolSharesToken();
}
Impact
pauseBorrowing and unpauseBorrowing won't work in LenderCommitmentGroup_Smart.
pauseProtocol and unpauseProtocol won't work in TellerV2.
EgisSecurity
high
__Ownable_init is missing in LenderCommitmentGroup_Smart and TellerV2
Summary
__Ownable_init is missing in LenderCommitmentGroup_Smart and TellerV2
Vulnerability Detail
The contracts inherits
OwnableUpgradeable
from OZ. In order to set the ownership when the contract is initialized, we have to call__Ownable_init
, but it's missing from theinitialize
functions.TellerV2.sol
LenderCommitmentGroup_Smart.sol
Impact
pauseBorrowing
andunpauseBorrowing
won't work inLenderCommitmentGroup_Smart
.pauseProtocol
andunpauseProtocol
won't work inTellerV2
.Code Snippet
https://github.com/sherlock-audit/2024-04-teller-finance/blob/defe55469a2576735af67483acf31d623e13592d/teller-protocol-v2-audit-2024/packages/contracts/contracts/TellerV2.sol#L188-L227 https://github.com/sherlock-audit/2024-04-teller-finance/blob/defe55469a2576735af67483acf31d623e13592d/teller-protocol-v2-audit-2024/packages/contracts/contracts/LenderCommitmentForwarder/extensions/LenderCommitmentGroup/LenderCommitmentGroup_Smart.sol#L158-L213
Tool used
Manual Review
Recommendation
Add
__Ownable_init
ininitialize
in both contractsDuplicate of #35