```solidity
/**
 * @notice Sets the address of the Beacon contract used for the collateral escrow contracts.
 * @param _collateralEscrowBeacon The address of the Beacon contract.
 */
function setCollateralEscrowBeacon(address _collateralEscrowBeacon)
    external
    reinitializer(2)
{
    collateralEscrowBeacon = _collateralEscrowBeacon;
}
```
Petite Pewter Orangutan
High
No access control on setCollateralEscrowBeacon
Summary
CollateralManager::setCollateralEscrowBeacon can be called by anyone.
Root Cause
No response
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
An attacker can set the escrow beacon and drain funds.
As we can see it has reinitializer, which means it can be changed.
PoC
CollateralManager::setCollateralEscrowBeacon
Mitigation
For setCollateralEscrowBeacon(), set the onlyTellerV2 modifier.
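The setter from the report next to a version carrying the proposed modifier, as an added example that is not the project's CollateralManager source. The contract names, the tellerV2 storage variable, the initialize function and the revert string are assumptions made for illustration; OpenZeppelin's reinitializer(2) checks only the stored initialization version and never looks at the caller.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";

// Added illustration. Contract names and the tellerV2 variable are assumed.

contract BeaconSetterUnguarded is Initializable {
    address public collateralEscrowBeacon;

    // As in the report: reinitializer(2) passes for any msg.sender as long
    // as the stored initialization version is below 2.
    function setCollateralEscrowBeacon(address _collateralEscrowBeacon)
        external
        reinitializer(2)
    {
        collateralEscrowBeacon = _collateralEscrowBeacon;
    }
}

contract BeaconSetterGuarded is Initializable {
    address public tellerV2; // assumed: recorded once at initialization
    address public collateralEscrowBeacon;

    // Caller check named in the report's mitigation.
    modifier onlyTellerV2() {
        require(msg.sender == tellerV2, "Sender not authorized");
        _;
    }

    function initialize(address _tellerV2) external initializer {
        tellerV2 = _tellerV2;
    }

    // Same setter with the caller restricted: a call from any other
    // address reverts, so it cannot write the beacon address.
    function setCollateralEscrowBeacon(address _collateralEscrowBeacon)
        external
        onlyTellerV2
        reinitializer(2)
    {
        collateralEscrowBeacon = _collateralEscrowBeacon;
    }
}
```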