Organization
- @morpho
Engagement Type
Spearbit Web3
Period
-
Repositories
Researchers
Findings
Low Risk: 1 finding (0 fixed, 1 acknowledged)
Informational: 2 findings (1 fixed, 1 acknowledged)
Low Risk: 1 finding
isInRegistry does not check whether parent vault was deployed by a designated VaultV2 factory
State
- Acknowledged
Severity
- Severity: Low ≈ Likelihood: High × Impact: Low
Submitted by
Saw-mon and Natalie
Description
Both isInRegistry implementations, in MorphoMarketV1Registry and MorphoVaultV1Registry, do not check whether the parent vault of the adapter was deployed by a fixed designated VaultV2 factory.
Recommendation
Introduce an immutable VaultV2 factory in these contracts and, in isInRegistry, check that the parent vault of the adapter was deployed by that fixed VaultV2 factory.
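One way to implement this recommendation, as an added sketch that is not Morpho's or Spearbit's code. The contract name, the three interfaces and their function names (isVaultV2, isAdapter, parentVault) are hypothetical, and the adapter-factory lookup is an assumption about how the registry already recognises adapters.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal interfaces, assumed for this sketch; the real contracts may differ.
interface IVaultV2FactoryLike {
    function isVaultV2(address vault) external view returns (bool);
}

interface IAdapterFactoryLike {
    function isAdapter(address adapter) external view returns (bool);
}

interface IAdapterLike {
    function parentVault() external view returns (address);
}

contract RegistryWithParentVaultCheck {
    // Immutable: the designated VaultV2 factory cannot be swapped after deployment.
    address public immutable vaultV2Factory;
    // Assumption: adapters are recognised through an adapter-factory lookup.
    address public immutable adapterFactory;

    constructor(address _vaultV2Factory, address _adapterFactory) {
        require(_vaultV2Factory != address(0), "Zero vault factory");
        require(_adapterFactory != address(0), "Zero adapter factory");
        vaultV2Factory = _vaultV2Factory;
        adapterFactory = _adapterFactory;
    }

    function isInRegistry(address adapter) external view returns (bool) {
        // Check adapter provenance first, so parentVault() below is only
        // called on code deployed by the known adapter factory and not on
        // an arbitrary contract that could revert or return any address.
        if (!IAdapterFactoryLike(adapterFactory).isAdapter(adapter)) {
            return false;
        }

        // Check from the recommendation: the adapter's parent vault must
        // have been deployed by the fixed, designated VaultV2 factory.
        address parent = IAdapterLike(adapter).parentVault();
        return IVaultV2FactoryLike(vaultV2Factory).isVaultV2(parent);
    }
}
```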
Informational: 2 findings
Duplicate
State
- Acknowledged
Severity
- Severity: Informational
Submitted by
MiloTruck
Context: RegistryList.sol#L32-L38
Description:
In RegistryList, addSubRegistry() does not check if subRegistry already exists in the subRegistries list:

    /// @dev Adding a subRegistry that reverts or makes looping too gas consuming will make new registries uneffective
    /// (vaults will not be able to validate adapters that would be validated by registries that have been added after).
    function addSubRegistry(address subRegistry) external {
        require(msg.sender == owner, "Not owner");
        subRegistries.push(subRegistry);
        emit AddSubRegistry(subRegistry);
    }

As such, duplicate sub-registries can be added to the subRegistries list. However, note that there is no impact apart from isInRegistry() possibly consuming more gas.
Recommendation:
This behavior could be documented.
Morpho: Acknowledged.
Spearbit: Acknowledged.
Sub-registries could break the add-only assumption for adapters
Severity
- Severity: Informational
Submitted by
Saw-mon and Natalie
Description
The add-only assumption needs to be transitively assumed/stated/forced for sub-registries of a registry.
Recommendation
Perhaps it can be added to the documentation.