Vulnerable tokens cannot be removed from the isTokenAllowed map

Question

Vulnerable tokens cannot be removed from the isTokenAllowed map

howlbot-integration opened this issue 2 years ago · 3 comments

howlbot-integration commented 2 years ago

Lines of code

https://github.com/code-423n4/2024-05-loop/blob/40167e469edde09969643b6808c57e25d1b9c203/src/PrelaunchPoints.sol#L364-L366

Vulnerability details

Impact

The isTokenAllowed map contains a whitelist of tokens permitted by the project team for users to lock, and tokens can be added to this whitelist through the allowToken function. However, the allowToken function can only add a specified token to the whitelist by setting isTokenAllowed[_token] to true; it does not have the capability to remove tokens from the whitelist by setting isTokenAllowed[_token] to false.

This could result in a scenario where if a token on the whitelist is found to have vulnerabilities, the PrelaunchPoints contract would not be able to remove that token from the whitelist. Consequently, users could still lock the vulnerable token in the contract, potentially exposing the PrelaunchPoints contract to attack, which in severe cases could lead to asset loss.

Tools Used

None

Recommended Mitigation Steps

To address the issue, the allowToken function could be modified as follows:

function allowToken(address _token, bool isAllowed) external onlyAuthorized {
    isTokenAllowed[_token] = isAllowed;
}

Assessed type

Other

Answer 1 · 2024-05-11T12:23:17.000Z

This poses a critical risk for users in case of a malicious owner, since it can withdraw disallowed tokens

Answer 2 · 2024-05-15T13:19:24.000Z

koolexcrypto marked the issue as primary issue

Answer 3 · 2024-05-31T08:47:46.000Z

koolexcrypto marked the issue as unsatisfactory:
Invalid