This repository has been archived by the owner on May 26, 2023. It is now read-only.
lemonmon - system_config: incorrect variable name and missing config update type
#213
Labels
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Reward
A payout will be made for this issue
Specification
An issue related to the specification (low severity)
Comments
github-actions
bot
added
Has Duplicates
This was referenced Feb 20, 2023
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
lemonmon
low
system_config: incorrect variable name and missing config update typeSummary
The specs for system config contains incorrect information and incorrect names for its contents.
overheadandscalarare falsely stated asl1FeeOverheadandl1FeeScalarin multiple occasions.Vulnerability Detail
In the
SystemConfigcontract, there are public variablesoverheadandscalar:https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/L1/SystemConfig.sol#L51-L59
Below the variables
overheadandscalarare incorrectly named asl1FeeOverheadandl1FeeScalarin multiple occasions:https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/specs/system_config.md?plain=1#L34
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/specs/system_config.md?plain=1#L73
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/specs/system_config.md?plain=1#L86-L90
In the above snippet:
Line 89: the names of
overheadandscalarIt also is missing the type 3:
The corresponding update code snippets from
SystemConfigare below:https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/L1/SystemConfig.sol#L25-L30
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/L1/SystemConfig.sol#L169-L175
Impact
factually incorrect information
As the name of variables double as interface to fetch the value, anybody uses the incorrect name in the specs to fetch the values will fail.
Also the specs do not list the possible config update types, so the users may not know that the
unsafeBlockSignercan be updated.Code Snippet
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/L1/SystemConfig.sol#L51-L59
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/specs/system_config.md?plain=1#L34
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/specs/system_config.md?plain=1#L73
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/specs/system_config.md?plain=1#L86-L90
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/L1/SystemConfig.sol#L25-L30
https://github.com/sherlock-audit/2023-01-optimism/blob/main/optimism/packages/contracts-bedrock/contracts/L1/SystemConfig.sol#L169-L175
Tool used
Manual Review
Recommendation
Correct the names of the variables and add the missing config update type
The text was updated successfully, but these errors were encountered: