Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Orderly Network>Threat Model>changeTokenAddressAndAllow
GeneralOverview
Findings
Critical (1)
High (4)
Medium (3)
Informational (1)
DiscussionAdditional checksOverall issues with some functionsThe `changeFeeCollector` does not revertThe `tokenHash` is not a hash from `tokenAddress`
Threat ModelWhat are threat models?AccountTypeHelper.solAccountTypePositionHelper.solCrossChainRelayUpgradeable.solFeeManager.solLedger.solLedgerComponent.solLedgerCrossChainManagerUpgradeable.solMarketManager.solOperatorManager.solOperatorManagerComponent.solSignature.sol
Vault.solchangeTokenAddressAndAllowdepositdepositToemergencyPauseemergencyUnpausesetAllowedBrokersetAllowedTokensetCrossChainManagerwithdraw
VaultCrossChainManagerUpgradeable.solVaultManager.sol
Audit ResultsSummary

Function: changeTokenAddressAndAllow(byte[32] _tokenHash, address _tokenAddress)

This allows the owner of the contract to set and change the token address related to the token hash. When users initiate a deposit action, they can only control the hash of a token when the token address itself is controlled by the contract owner. This means that it can change, so even with the same hash value, the user can withdraw tokens other than those that were deposited. Also the different _tokenHash can be connected to the same _tokenAddress.

Zellic © 2024Back to top ↑