Consider adding disallowToken instead of only allowToken function

Question

Consider adding disallowToken instead of only allowToken function

howlbot-integration opened this issue 2 years ago · 6 comments

howlbot-integration commented 2 years ago

Lines of code

https://github.com/code-423n4/2024-05-loop/blob/main/src/PrelaunchPoints.sol#L364

Vulnerability details

Impact

The absence of a disallowToken function in the "PrelaunchPoints" smart contract could potentially lead to various risks and limitations:

Inability to remove unsupported or problematic tokens from the contract's list of supported tokens.

Proof of Concept

/**
 * @notice Disallows a token from being used within the contract
 * @param _token The address of the token to disallow
 * @dev Only the contract owner can call this function
 */
function disallowToken(address _token) external onlyAuthorized {
    isTokenAllowed[_token] = false;
}

Tools Used

Visual Studio Code

Recommended Mitigation Steps

Design the disallowToken function to allow the contract owner to remove specific tokens from the list of supported tokens.

Assessed type

Context

Answer 1 · 2024-05-19T04:19:44.000Z

This poses a security risk in case of malicious owner, since disallowedTokens can be withdrawn by owner

Answer 2 · 2024-05-31T08:16:57.000Z

koolexcrypto changed the severity to QA (Quality Assurance)

Answer 3 · 2024-05-31T08:18:55.000Z

This previously downgraded issue has been upgraded by koolexcrypto

Answer 4 · 2024-05-31T08:19:02.000Z

koolexcrypto marked the issue as primary issue

Answer 5 · 2024-05-31T08:22:43.000Z

koolexcrypto marked the issue as duplicate of #90

Answer 6 · 2024-05-31T08:47:43.000Z

koolexcrypto marked the issue as unsatisfactory:
Invalid