Omniscia Euler Finance Audit

YieldAggregator Manual Review Findings

YAR-01M: Inexistent Override of Role Renunciation

Description:

The YieldAggregator implementation overrides the AccessControlUpgradeable::grantRole and AccessControlUpgradeable::revokeRole functions to restrict EVC-based access to the account owner; however, the AccessControlUpgradeable::renounceRole function is left as is and remains callable without that restriction.

Impact:

As a result, a role can presently be renounced by a party that is not the actual EVC account owner, inconsistently with the restrictions applied to grantRole and revokeRole.

Example:

src/YieldAggregator.sol

/// @dev Overriding grantRole().
function grantRole(bytes32 role, address account)
    public
    override (IAccessControl, AccessControlUpgradeable)
    onlyEVCAccountOwner
{
    super.grantRole(role, account);
}

/// @dev Overriding revokeRole().
function revokeRole(bytes32 role, address account)
    public
    override (IAccessControl, AccessControlUpgradeable)
    onlyEVCAccountOwner
{
    super.revokeRole(role, account);
}

Recommendation:

We advise the AccessControlUpgradeable::renounceRole function to be overridden in the same manner, ensuring that only the EVC account owner can perform any access-control operation (grant, revoke or renounce) on the YieldAggregator.
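The following is an added illustration of the recommended shape, not code from the Euler codebase: a minimal AccessControlUpgradeable-based contract in which all three role entry points, renounceRole included, pass through the same EVC-owner gate. The contract name RoleGuardedVault, the IEVCOwnerLookup interface and the simplified onlyEVCAccountOwner modifier are assumptions made for the example; the real YieldAggregator modifier and EVC interface may differ. OpenZeppelin v5 signatures are assumed, which is why renounceRole takes a callerConfirmation argument.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IAccessControl} from "@openzeppelin/contracts/access/IAccessControl.sol";
import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";

/// @notice Assumed minimal EVC surface used by this example; the real
/// IEVC exposes more, and its exact semantics are not relied upon here.
interface IEVCOwnerLookup {
    function getAccountOwner(address account) external view returns (address);
}

/// @dev Illustrative contract (not the project's code): every
/// AccessControl mutator is gated by the same EVC-owner modifier.
contract RoleGuardedVault is AccessControlUpgradeable {
    IEVCOwnerLookup public immutable evc;

    error NotEVCAccountOwner(address caller);

    constructor(address _evc) {
        evc = IEVCOwnerLookup(_evc);
        _disableInitializers();
    }

    function initialize(address admin) external initializer {
        __AccessControl_init();
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
    }

    /// @dev Simplified stand-in for the audited onlyEVCAccountOwner modifier
    /// (assumption): the caller must be the registered owner of its own EVC
    /// account. Resolution of calls routed through the EVC itself is omitted.
    modifier onlyEVCAccountOwner() {
        address caller = _msgSender();
        if (evc.getAccountOwner(caller) != caller) {
            revert NotEVCAccountOwner(caller);
        }
        _;
    }

    /// @dev Same gate as the audited grantRole override.
    function grantRole(bytes32 role, address account)
        public
        override(IAccessControl, AccessControlUpgradeable)
        onlyEVCAccountOwner
    {
        super.grantRole(role, account);
    }

    /// @dev Same gate as the audited revokeRole override.
    function revokeRole(bytes32 role, address account)
        public
        override(IAccessControl, AccessControlUpgradeable)
        onlyEVCAccountOwner
    {
        super.revokeRole(role, account);
    }

    /// @dev The override YAR-01M asks for. Without it, the base
    /// renounceRole only checks callerConfirmation == _msgSender() and
    /// never consults the EVC owner gate, so a non-owner account holding
    /// a role could drop it on its own.
    function renounceRole(bytes32 role, address callerConfirmation)
        public
        override(IAccessControl, AccessControlUpgradeable)
        onlyEVCAccountOwner
    {
        super.renounceRole(role, callerConfirmation);
    }
}
```

The base-contract confirmation check is deliberately kept by calling super.renounceRole rather than reimplementing it, so the override adds the EVC restriction on top of, not instead of, OpenZeppelin's own caller check. When reviewing a contract that extends AccessControl, enumerate every public mutator of the role set (grantRole, revokeRole, renounceRole, and any custom admin helpers) and confirm each one carries the intended modifier; overriding two of three is the pattern this exhibit flags.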

Alleviation:

The AccessControlUpgradeable::renounceRole function is appropriately overridden in the latest YieldAggregator (now EulerEarn) implementation, addressing this exhibit.