Upgraded Q -> 2 from #980 [1716971346189] #1317
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
duplicate-829
satisfactory
satisfies C4 submission criteria; eligible for awards
Comments
c4-judge
added
the
2 (Med Risk)
c4-judge
added a commit
that referenced
this issue
May 29, 2024
|
koolexcrypto marked the issue as duplicate of #829 |
c4-judge
added
duplicate-829
satisfactory
|
koolexcrypto marked the issue as satisfactory |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Judge has assessed an item in Issue #980 as 2 risk. The relevant finding follows:
L04 - Missing setUnboundedKerosenVault initialization in deploy
https://github.com/code-423n4/2024-04-dyad/blob/49fb7174576e5147dc73d3222d16954aa641a2e0/script/deploy/Deploy.V2.s.sol#L89-L89
Vulnerability details
boundedKerosineVault is deployed, but the setUnboundedKerosenVault is not called, which will cause a revert when BounderKerosineVault::assetPrice() will be called to price users kerosine collateral:
File: src/core/Vault.kerosine.bounded.sol
22:
23: function setUnboundedKerosineVault(
24: UnboundedKerosineVault _unboundedKerosineVault
25: )
26: external
27: onlyOwner
28: {
29: unboundedKerosineVault = _unboundedKerosineVault;
30: }
31:
...:
...: /// ... some code ...
...:
44: function assetPrice()
45: public
46: view
47: override
48: returns (uint) {
49: return unboundedKerosineVault.assetPrice() * 2;
50: }
The text was updated successfully, but these errors were encountered: