Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

contract OverlayV1OI isn't abstract #62

Open
code423n4 opened this issue Nov 22, 2021 · 0 comments
Open

contract OverlayV1OI isn't abstract #62

code423n4 opened this issue Nov 22, 2021 · 0 comments
Labels
1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons

Comments

@code423n4
Copy link
Contributor

Handle

gpersoon

Vulnerability details

Impact

The contract OverlayV1Market is abstract and includes several other contracts that are also abstract.
The only deviation is the contract OverlayV1OI which isn't abstract.

The risk is that OverlayV1OI could be accidentally deployed separately.

Proof of Concept

https://github.com/code-423n4/2021-11-overlay/blob/914bed22f190ebe7088194453bab08c424c3f70c/contracts/market/OverlayV1Market.sol#L13

abstract contract OverlayV1Market is OverlayV1Governance {

https://github.com/code-423n4/2021-11-overlay/blob/914bed22f190ebe7088194453bab08c424c3f70c/contracts/market/OverlayV1Governance.sol#L11-L14

abstract contract OverlayV1Governance is OverlayV1Comptroller,  OverlayV1OI,  OverlayV1PricePoint {

https://github.com/code-423n4/2021-11-overlay/blob/914bed22f190ebe7088194453bab08c424c3f70c/contracts/market/OverlayV1Comptroller.sol#L9

abstract contract OverlayV1Comptroller {

https://github.com/code-423n4/2021-11-overlay/blob/914bed22f190ebe7088194453bab08c424c3f70c/contracts/market/OverlayV1OI.sol#L6

contract OverlayV1OI {    // only contract that isn't abstract

https://github.com/code-423n4/2021-11-overlay/blob/914bed22f190ebe7088194453bab08c424c3f70c/contracts/market/OverlayV1PricePoint.sol#L7

abstract contract OverlayV1PricePoint {

Tools Used

Recommended Mitigation Steps

Make contract OverlayV1OI also abstract
@code423n4 code423n4 added 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working labels Nov 22, 2021
code423n4 added a commit that referenced this issue Nov 22, 2021
@code423n4
gpersoon issue #62
c84e6b1
@mesozoic-technology mesozoic-technology added sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons and removed sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue labels Dec 7, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mesozoic-technology @code423n4