Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

Latest commit

 

History

History
63 lines (39 loc) · 1.63 KB

012.md

File metadata and controls

63 lines (39 loc) · 1.63 KB
Raw

0x0

high

Batch Update Frozen Info Inoperable

Summary

In the UserManager there is a function to batch update the frozen info, intended to be called by external scripts. This will not be possible to succeed due to a modifier that exists on the Comptroller's function.

Vulnerability Detail

UserManager.batchUpdateFrozenInfo

When a script calls the batch updater there is an external call to comptroller.updateTotalStaked. This function has a modifier that only permits calling from the User Manager. The token argument passed from the User Manager is the stakingToken variable, which is the address of the ERC20 staking token.

The modifier onlyUserManager will not allow the call to this function as it is expecting the address of the User Manager.

Impact

Calls to UserManager.batchUpdateFrozenInfo will never succeed.

Code Snippet

User Manager

comptroller.updateTotalStaked(stakingToken, totalStaked - totalFrozen);

Comptroller Modifier

modifier onlyUserManager(address token) {
    if (msg.sender != address(_getUserManager(token))) revert SenderNotUserManager();
    _;
}

Comptroller

function updateTotalStaked(address token, uint256 totalStaked)
    external
    override
    whenNotPaused
    onlyUserManager(token)
    returns (bool)

Tool used

Manual Review

Recommendation

Call the Comptroller with a function argument of the calling contract address:

comptroller.updateTotalStaked(address(this), totalStaked - totalFrozen);