2 matches found
It is possible to override pool params in PoolRegistry.sol since the creator field is never set for a venus pool
Lines of code Vulnerability details Proof of Concept PoolRegistry.createPoolRegistry will call PoolRegistry.registerPool which will make a check on the creator field for a pool. VenusPool memory venusPool = poolByComptrollercomptroller; requirevenusPool.creator == address0, "PoolRegistry: Pool...
Inadequate checks for comptroller in PoolRegistry#addMarket allows malicious comptrollers to be added
Lines of code Vulnerability details Impact Malicious comptrollers will be available in the protocol Proof of Concept The addMarket function only checks that the input.comptroller is not the 0 address, but does not check if the comptroller was actually created by the PoolRegistry contract. A...