Omniscia Rari Capital Audit

CEtherDelegate Manual Review Findings

CON-01M: Inconsistent Access Control

Type: Logical Fault
Severity: Minor
Location: CEtherDelegate.sol:L29, L41

Description:

The linked require checks appear to be unadjusted code carried over from the original Compound codebase. They do not conform to the new access-control paradigm, which uses the hasAdminRights() utility function and its additional checks.

Example:

contracts/CEtherDelegate.sol
20  function _becomeImplementation(bytes memory data) public {
21      // Shh -- currently unused
22      data;
23
24      // Shh -- we don't ever want this hook to be marked pure
25      if (false) {
26          implementation = address(0);
27      }
28
29      require(msg.sender == admin, "only the admin may call _becomeImplementation");
30  }

Recommendation:

We advise replacing them with proper invocations of the inherited hasAdminRights() function.

Alleviation:

The Rari team responded by stating that they slimmed down the codebase prior to the audit and reverted certain changes they had made to the admin-specific access control imposed on certain functions. In the latest commit, they have restored all references to hasAdminRights(), ensuring proper enforcement of the new access control system.
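
A source-level regression check for this class of finding, added here as an example and not taken from the audit or the Rari codebase: it flags any remaining direct comparison of msg.sender with admin outside hasAdminRights() itself. The sample contract, the stand-in body of hasAdminRights() and the hook names other than _becomeImplementation are constructed for illustration.

```python
import re

# Direct comparison of msg.sender with the `admin` variable, in either order.
DIRECT_ADMIN = re.compile(
    r"msg\.sender\s*[!=]=\s*admin\b|\badmin\s*[!=]=\s*msg\.sender\b")
FUNCTION_DEF = re.compile(r"\bfunction\s+(\w+)")
COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)
# The helper itself may legitimately compare against admin.
ALLOWED_FUNCTIONS = {"hasAdminRights"}

# Constructed sample, not the audited file. The hasAdminRights() body and the
# hook names other than _becomeImplementation are stand-ins (assumptions).
SAMPLE = '''\
contract Example {
    function hasAdminRights() internal view returns (bool) {
        return msg.sender == admin && extraCheck(); // constructed stand-in body
    }
    function _becomeImplementation(bytes memory data) public {
        require(msg.sender == admin, "only the admin may call _becomeImplementation");
    }
    function _hypotheticalHook() public {
        // old check was: require(msg.sender == admin, "...");
        require(hasAdminRights(), "only the admin may call _hypotheticalHook");
    }
    function _anotherHook() public {
        require(admin == msg.sender, "only the admin");
    }
}
'''


def strip_comments(source):
    """Blank out comments but keep newlines so line numbers stay valid."""
    return COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)


def find_direct_admin_checks(source):
    """Return (line_number, function_name, text) per direct admin comparison."""
    findings = []
    current = None  # name of the most recently declared function
    original = source.splitlines()
    for number, line in enumerate(strip_comments(source).splitlines(), start=1):
        declared = FUNCTION_DEF.search(line)
        if declared:
            current = declared.group(1)
        if DIRECT_ADMIN.search(line) and current not in ALLOWED_FUNCTIONS:
            findings.append((number, current, original[number - 1].strip()))
    return findings
```

The scan is line-based and treats any `//` as a comment start, so a string literal containing `//` would be truncated; a non-empty result from find_direct_admin_checks() is what a CI job would fail on.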