Updating the vault and accruing lending protocol interest rates are unrestricted

Summary: Updating the vault and accruing lending protocol interest rates can be Dos'ed. The unsigned user would be able to update the vault manager. And then debase the vault manager. Not to forget that the interest would also be updated.

Locations: https://github.com/sherlock-audit/2024-12-numa-audit/blob/main/Numa/contracts/NumaProtocol/NumaPrinter.sol#L216-L234

https://github.com/sherlock-audit/2024-12-numa-audit/blob/main/Numa/contracts/NumaProtocol/VaultManager.sol#L576-L586)

https://github.com/sherlock-audit/2024-12-numa-audit/blob/main/Numa/contracts/NumaProtocol/VaultManager.sol#L910-L917

https://github.com/sherlock-audit/2024-12-numa-audit/blob/main/Numa/contracts/NumaProtocol/VaultManager.sol#L576-L586

Proof Of Concept (POC): For the POC, I build a foundry test. The foundry test would:

Impersonate a genuine user maliciously.
Then call the updateVaultAndInterest function.
Which would update the vault manager and also accrue interest.

forge test -vvvvv --match-test test_sherlock

function test_sherlock() public {
address malificent = address(0xfeefdeef);
vm.startPrank(malificent);
numaPrinter.updateVaultAndInterest();
vm.stopPrank();
}

Mitigation: To mitigate this issue, add an onlyRole or onlyOwner access modifier to the function.

function updateVaultAndInterest()
+     public onlyOwner
-     public
     returns (
         uint scale,
         uint criticalScaleForNumaPriceAndSellFee,
         uint sell_fee_res
     )
 {

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

028.md

028.md

Updating the vault and accruing lending protocol interest rates are unrestricted

Files

028.md

Latest commit

History

028.md

File metadata and controls

Updating the vault and accruing lending protocol interest rates are unrestricted