Skip to content
This repository has been archived by the owner on Jan 7, 2024. It is now read-only.

0x52 - MarginAccountHelper will be bricked if registry.marginAccount or insuranceFund ever change #170

Open
sherlock-admin opened this issue Jul 3, 2023 · 1 comment
Open

0x52 - MarginAccountHelper will be bricked if registry.marginAccount or insuranceFund ever change #170

sherlock-admin opened this issue Jul 3, 2023 · 1 comment
Labels
Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed

Comments

@sherlock-admin
Copy link
Contributor

0x52

medium

MarginAccountHelper will be bricked if registry.marginAccount or insuranceFund ever change

Summary

MarginAccountHelper#syncDeps causes the contract to refresh it's references to both marginAccount and insuranceFund. The issue is that approvals are never made to the new contracts rendering them useless.

Vulnerability Detail

MarginAccountHelper.sol#L82-L87

function syncDeps(address _registry) public onlyGovernance {
    IRegistry registry = IRegistry(_registry);
    vusd = IVUSD(registry.vusd());
    marginAccount = IMarginAccount(registry.marginAccount());
    insuranceFund = IInsuranceFund(registry.insuranceFund());
}

When syncDeps is called the marginAccount and insuranceFund references are updated. All transactions require approvals to one of those two contract. Since no new approvals are made, the contract will become bricked and all transactions will revert.

Impact

Contract will become bricked and all contracts that are integrated or depend on it will also be bricked

Code Snippet

MarginAccountHelper.sol#L82-L87

Tool used

Manual Review

Recommendation

Remove approvals to old contracts before changing and approve new contracts after
@github-actions github-actions bot added Medium A valid Medium severity issue Has Duplicates A valid issue with 1+ other issues describing the same vulnerability labels Jul 10, 2023
@github-actions github-actions bot mentioned this issue Jul 10, 2023
Closed
@0xshinobii 0xshinobii added the Sponsor Confirmed The sponsor acknowledged this issue is valid label Jul 18, 2023
@0xshinobii
Copy link

Valid issue but we will be using syncDeps mainly during the deployment. Later on, since both marginAccount and insuranceFund are upgradeable contracts, their address won't change.

@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Jul 19, 2023
@0xshinobii 0xshinobii added the Won't Fix The sponsor confirmed this issue will not be fixed label Aug 7, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Has Duplicates A valid issue with 1+ other issues describing the same vulnerability Medium A valid Medium severity issue Reward A payout will be made for this issue Sponsor Confirmed The sponsor acknowledged this issue is valid Won't Fix The sponsor confirmed this issue will not be fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@0xshinobii @sherlock-admin