Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parameter updates not propagated #30

Open
code423n4 opened this issue Aug 22, 2021 · 1 comment
Open

Parameter updates not propagated #30

code423n4 opened this issue Aug 22, 2021 · 1 comment
Labels
2 (Med Risk) bug Something isn't working sponsor acknowledged

Comments

@code423n4
Copy link
Contributor

Handle

gpersoon

Vulnerability details

Impact

There are several functions to update parameters. However these parameters are only updated on the top level and not propagated to the other contracts. This could lead to various unpredictable results.
Examples are:

  • setNftHubAddress of RCFactory
  • setOrderbookAddress of RCFactory
  • setLeaderboardAddress of RCFactory
  • setMinRental of RCTreasury

Proof of Concept

// https://github.com/code-423n4/2021-08-realitycards/blob/main/contracts/RCFactory.sol#L586
function setNftHubAddress(IRCNftHubL2 _newAddress) external override onlyUberOwner {
require(address(_newAddress) != address(0), "Must set Address");
nfthub = _newAddress;
}

function setOrderbookAddress(IRCOrderbook _newOrderbook) external override {
    require( treasury.checkPermission(TREASURY, msgSender()), "Not approved" );
    orderbook = _newOrderbook;
}

function setLeaderboardAddress(IRCLeaderboard _newLeaderboard) external override {
require( treasury.checkPermission(TREASURY, msgSender()), "Not approved");
leaderboard = _newLeaderboard;
}

//https://github.com/code-423n4/2021-08-realitycards/blob/main/contracts/RCTreasury.sol#L188
function setMinRental(uint256 _newDivisor) public override onlyRole(OWNER) {
minRentalDayDivisor = _newDivisor;
}

Tools Used

Recommended Mitigation Steps

Implement a way to notify the underlying contracts of the updates.
@code423n4 code423n4 added 2 (Med Risk) bug Something isn't working labels Aug 22, 2021
code423n4 added a commit that referenced this issue Aug 22, 2021
@code423n4
gpersoon issue #30
bfb57e6
@Splidge
Copy link
Collaborator

Splidge commented Aug 24, 2021

We have come to realise that it is very unlikely we will be able to change certain contracts once they are in-use, the exception being the market where a new reference could be deployed.
In practice we do use setNftHubAddress shortly after deploying new contracts, this is so that we can continue to use an existing NFT hub that has already been put through Matic Mintable Asset mapping, but changing this while a market is active would cause problems.
While we accept that changing these parameters on active contracts may be troublesome we will not be making changes at this time, partly because it's useful to be able to change these before the contracts are in use but also due to the potential risk of introducing new problems at this stage in the project.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) bug Something isn't working sponsor acknowledged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Splidge @code423n4