Lack of Open Access Mechanism in Boost Initialization
Summary
The initialize function in the contract does not provide a way to set up an open boost where all addresses are allowed by default. This limitation restricts the contract's flexibility and potential use cases.
Macho Mocha Donkey
Low/Info
Vulnerability Detail
The current initialization process only allows for explicitly whitelisting addresses: https://github.com/sherlock-audit/2024-06-boost-aa-wallet/blob/main/boost-protocol/packages/evm/contracts/allowlists/SimpleAllowList.sol#L25C1-L32C6
This implementation doesn't account for scenarios where all addresses should be allowed, which is necessary for an open boost.
Impact
Limited flexibility in boost configuration
Tool used
Manual Review
Recommendation
Modify the initialize function to include a flag that indicates whether the boost is open to anyone.
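One way the recommended flag could look, as an added sketch that is not code from the Boost repository or from the report's author. The contract name, the `isOpen` flag, the encoding of `data_`, the custom errors and the event are all assumptions made for illustration; the list stays closed unless the flag is set explicitly.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

/// Added sketch, not the Boost protocol's SimpleAllowList. All names are hypothetical.
contract OpenableAllowListSketch {
    address public owner;
    bool public isOpen;                       // hypothetical flag: true = every address allowed
    bool private _initialized;
    mapping(address => bool) private _allowed;

    event OpenStatusSet(bool isOpen);

    error AlreadyInitialized();
    error Unauthorized();
    error OpenWithExplicitList();

    /// Assumed encoding: data_ = abi.encode(address owner, bool isOpen, address[] allowlist)
    function initialize(bytes calldata data_) external {
        if (_initialized) revert AlreadyInitialized();
        _initialized = true;

        (address owner_, bool isOpen_, address[] memory allowlist_) =
            abi.decode(data_, (address, bool, address[]));

        // Reject ambiguous configs so an open boost is always a deliberate choice.
        if (isOpen_ && allowlist_.length != 0) revert OpenWithExplicitList();

        owner = owner_;
        isOpen = isOpen_;
        for (uint256 i = 0; i < allowlist_.length; i++) {
            _allowed[allowlist_[i]] = true;
        }
        emit OpenStatusSet(isOpen_);
    }

    /// Closed by default: when the flag is false only listed addresses pass.
    function isAllowed(address user_, bytes calldata) external view returns (bool) {
        return isOpen || _allowed[user_];
    }

    /// Only the owner may change the open status after initialization.
    function setOpen(bool isOpen_) external {
        if (msg.sender != owner) revert Unauthorized();
        isOpen = isOpen_;
        emit OpenStatusSet(isOpen_);
    }
}
```

Emitting an event on every change of the flag lets off-chain monitoring see when a boost becomes open to all addresses.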