Insufficient verification in multiple CoreRootRouter contract functions
The toggleStrategyToken
, updateStrategyToken
, togglePortStrategy
, and updatePortStrategy
functions in the CoreRootRouter contract initiate cross-chain requests to the branchChain for updating the state of the BranchPort contract. In essence, invoking any of these functions in the CoreRootRouter contract on the rootChain triggers functions with identical names in the BranchPort of the branchChain as a result of cross-chain--message transferring.
However, an issue can arise because these corresponding functions in BranchPort include additional verification checks that are absent in the CoreRootRouter contract. Although the problem is not critical because these functions can only be invoked by the contract's owner, successfully sent cross-chain messages may be reverted, leading to unnecessary gas consumption and commission fees. To address this, we recommend implementing equivalent verification checks as found in the _setPortStrategySettings
and _setStrategyTokenMinimumReservesRatio
functions of the BranchPort contract.