Incorrect Access Control in updateQuotaRevenue
Opened this issue · 0 comments
Lines of code
Vulnerability details
Issue
The updateQuotaRevenue is used to update the quota revenue of the pool. This function is critical to the correct functioning of the protocol, as it ensures that the pool's revenue is properly calculated and distributed.
Details
The updateQuotaRevenue function in the PoolV3 contract does not have the correct access control modifier. Instead of using the poolQuotaKeeperOnly modifier, which ensures that only the pool quota keeper can call the function, it uses the creditManagerOnly modifier, which allows any credit manager to call the function.
function updateQuotaRevenue(uint256 revenue) external override creditManagerOnly {
_updateQuotaRevenue(revenue);
}Impact
By allowing any credit manager to call the updateQuotaRevenue function, the protocol is vulnerable to potential attacks or misuse. A malicious credit manager could manipulate the quota revenue, leading to incorrect calculations and unfair distribution of the pool's revenue.
Scenario
Imagine a scenario where a credit manager has a large amount of debt in the pool. They could call the updateQuotaRevenue function with a high revenue value, causing the pool's revenue to be overestimated. This would result in a lower interest rate for borrowers and a lower return for lenders, as the pool's revenue would be distributed based on the inflated value.
Fix
The updateQuotaRevenue function should use the poolQuotaKeeperOnly modifier instead of creditManagerOnly. This will ensure that only the pool quota keeper can update the quota revenue, reducing the risk of unauthorized modifications.
function updateQuotaRevenue(uint256 revenue) external override poolQuotaKeeperOnly {
_updateQuotaRevenue(revenue);
}Assessed type
Access Control