Omniscia AllianceBlock Audit
MultiWithDefaultProviderSelector Manual Review Findings
MultiWithDefaultProviderSelector Manual Review Findings
MWD-01M: Incorrect Assignment
| Type | Severity | Location |
|---|---|---|
| Language Specific |  | MultiWithDefaultProviderSelector.sol:L121 |
Description:
The referenced statement is meant to assign the zero-address to the _currentProvider, however, it instead performs an equality check causing the system to enter a corrupt state when the default provider is removed.
Impact:
Presently, a removal of the default provider will cause them to not be in the validProviders entry but still be yielded by the MultiWithDefaultProviderSelector::getProvider function which we consider invalid behaviour.
Example:
contracts/MultiWithDefaultProviderSelector.sol
114function _removeProvider(address provider) internal {115 if (provider == address(0)) revert ZeroAddressProvider();116 if (!this.isValidProvider(provider)) revert ProviderNotFound();117
118 validProviders[provider] = false;119
120 if (provider == _currentProvider) {121 _currentProvider == address(0);122 }123}Recommendation:
We advise the referenced line to have one = character omitted, ensuring it is properly performed as an assignment.
Alleviation (e6f704512a03e960f6cd0802fb70aa284591fe37):
The assignment has been corrected, ensuring that the default provider is correctly cleared when it has been removed.