Dizzy Brown Marmot
medium
SolverVault missing a setter function due to which SymmioVaultTokenAddress can't be updaterd after deployment
function initialize(
address _symmioAddress,
address _symmioVaultTokenAddress,
address _solver,
uint256 _minimumPaybackRatio,
uint256 _depositLimit
) public initializer {
__AccessControl_init();
__Pausable_init();
require(_minimumPaybackRatio <= 1e18, "SolverVault: Invalid ratio");
_grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
_grantRole(DEPOSITOR_ROLE, msg.sender);
_grantRole(BALANCER_ROLE, msg.sender);
_grantRole(SETTER_ROLE, msg.sender);
_grantRole(PAUSER_ROLE, msg.sender);
_grantRole(UNPAUSER_ROLE, msg.sender);
setSymmioAddress(_symmioAddress);
setSymmioVaultTokenAddress(_symmioVaultTokenAddress);
setDepositLimit(_depositLimit);
setSolver(_solver);
lockedBalance = 0;
currentDeposit = 0;
minimumPaybackRatio = _minimumPaybackRatio;
}initialize sets all state variables during deployment .
After that address having SETTER_ROLE can update above state variables whenever necessary while setSymmioVaultTokenAddress is an internal function and hence it can't be updated after deployment
function setSymmioVaultTokenAddress(
address _symmioVaultTokenAddress
) internal {
require(_symmioVaultTokenAddress != address(0), "SolverVault: Zero address");
solverVaultTokenAddress = _symmioVaultTokenAddress;
solverVaultTokenDecimals = SolverVaultToken(_symmioVaultTokenAddress)
.decimals();
require(
solverVaultTokenDecimals <= 18,
"SolverVault: SolverVaultToken decimals should be lower than 18"
);
}while setSymmioAddress(), setDepositLimit() and setSolver() all are external functions having proper access control
solverVaultTokenAddress can't be updated
Manual Review
this should have SETTER_ROLE so that it can be updated like other params i.e state variables mentioned above