Upgraded Q -> 2 from #980 [1716971346189] #1317
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
duplicate-829
satisfactory
satisfies C4 submission criteria; eligible for awards
Judge has assessed an item in Issue #980 as 2 risk. The relevant finding follows:
L04 - Missing setUnboundedKerosenVault initialization in deploy
https://github.com/code-423n4/2024-04-dyad/blob/49fb7174576e5147dc73d3222d16954aa641a2e0/script/deploy/Deploy.V2.s.sol#L89-L89
Vulnerability details
boundedKerosineVault is deployed, but the setUnboundedKerosenVault is not called, which will cause a revert when BounderKerosineVault::assetPrice() will be called to price users kerosine collateral:
File: src/core/Vault.kerosine.bounded.sol
22:
23: function setUnboundedKerosineVault(
24: UnboundedKerosineVault _unboundedKerosineVault
25: )
26: external
27: onlyOwner
28: {
29: unboundedKerosineVault = _unboundedKerosineVault;
30: }
31:
...:
...: /// ... some code ...
...:
44: function assetPrice()
45: public
46: view
47: override
48: returns (uint) {
49: return unboundedKerosineVault.assetPrice() * 2;
50: }
The text was updated successfully, but these errors were encountered: