This repository has been archived by the owner on May 26, 2023. It is now read-only.
Bahurum - Use of controller DNGMXVaultController for two separate contracts with different functions #25
Labels
Excluded
Excluded by the judge without consulting the protocol or the senior
Non-Reward
This issue will not receive a payout
Bahurum
informational
Use of controller DNGMXVaultController for two separate contracts with different functions
Summary
DNGMXVaultController must be deployed twice to control calls to two separate contracts withdrawPeriphery and depositPeriphery. While this poses no issues, it can be confusing.
Vulnerability Detail
DNGMXVaultController controls calls to the function depositToken(address,address,uint256) of depositPeriphery and to functions redeemToken(address,address,uint256) and withdrawToken(address,address,uint256) of withdrawPeriphery.
It must be deployed twice, one contract for each Periphery.
It can be confusing for someone looking at the chain to have functions for withdrawPeriphery in the controller of depositPeriphery and vice-versa.
Impact
Can be confusing to have a controller which contains checks for functions that are not present in the target integration.
Code Snippet
https://github.com/sherlock-audit/2023-01-sentiment/blob/main/controller-52/src/rage/DNGMXVaultController.sol#L15-L22
Tool used
Manual Review
Recommendation
Consider using two different contracts for controlling calls to withdrawPeriphery and to depositPeriphery, each containing only the checks to the functions to be called on the target integration.