Omniscia Rari Capital Audit

CErc20Delegate Manual Review Findings

CErc20Delegate Manual Review Findings

CED-01M: Inconsistent Access Control

TypeSeverityLocation
Logical FaultMinorCErc20Delegate.sol:L29, L41

Description:

The linked require checks seem to be unadjusted code from the original Compound codebase and do not conform to the new access-control paradigm of utilizing the hasAdminRights() utility function that contains additional checks.

Recommendation:

We advise them to be replaced by proper invocations of the hasAdminRights() inherited function.

Alleviation:

The Rari team responded by stating that they slimmed down the codebase prior to the audit and reverted certain changes they had made to the admin-specific access control imposed on certain functions. In the latest commit, they have restored all references to hasAdminRights() ensuring proper enforcement of the new access control system.