Omniscia Steer Protocol Audit
QuickSwapWhitelistedSingleLiquidityManager Manual Review Findings
QuickSwapWhitelistedSingleLiquidityManager Manual Review Findings
QSL-01M: Potentially Insecure Sanitization of Deposit
| Type | Severity | Location |
|---|---|---|
| Logical Fault |  | QuickSwapWhitelistedSingleLiquidityManager.sol:L72-L78 |
Description:
The QuickSwapWhitelistedSingleLiquidityManager::deposit call will sanitize the to address rather than the msg.sender as being authorized to perform deposits contrary to the purpose of the whitelist.
Impact:
It is presently possible for any user to perform a deposit for the benefit of an authorized member in contrast to how the whitelist is meant to be applied.
Example:
59function deposit(60 uint256 amount0Desired,61 uint256 amount1Desired,62 uint256 amount0Min,63 uint256 amount1Min,64 address to65)66 public67 virtual68 override69 returns (uint256 shares, uint256 amount0Used, uint256 amount1Used)70{71 // Check that user is authorized to deposit72 require(73 IBareWhitelistRegistry(whitelistManager).permissions(74 address(this),75 to76 ) == 1,77 "whitelist"78 );Recommendation:
We advise the code to ensure that the msg.sender has the relevant permission from the whitelistManager in addition to the to address, which should be considered optional as the actual user that performs the QuickSwapWhitelistedSingleLiquidityManager::deposit action is the msg.sender.
Alleviation (0c3f85c7c11805ac412fe291f5681bef26da7244):
The Steer Protocol team evaluated this exhibit and specified that the intention of the security check is to ensure the LP units minted are done so to a whitelisted address.
A msg.sender that is not whitelisted should be able to deposit on behalf of a whitelisted address and the LP units minted can then be freely transferred; the minting operation is what the Steer Protocol team is concerned with and wishes to protect.
As a result of these additional statements by the Steer Protocol team, we consider this exhibit nullified as it represents desirable behaviour.