Broad Jetblack Alligator
Medium
The permanent inaccessibility of the SolidlyV2AMO.sol::setWhitelistedTokens function will limit the protocol's ability to adapt. This will prevent administrators from updating the approved reward tokens.
https://github.com/sherlock-audit/2024-10-axion/blob/c65e662999d0c79439703fc6713814b4ad023e01/liquidity-amo/contracts/SolidlyV2AMO.sol#L148
In SolidlyV2AMO.sol, the SETTER_ROLE is revoked in the initialize function after initial setup, and there's no mechanism to reassign this role. The setWhitelistedTokens function, which requires the SETTER_ROLE, becomes permanently inaccessible.
- SolidlyV2AMO contract needs to be deployed and initialized.
- The initialize function revokes the SETTER_ROLE from the msg.sender.
- No function exists to reassign the SETTER_ROLE after initialization.
No response
- The contract is deployed and initialized.
- The SETTER_ROLE is automatically revoked from the deployer.
- Attempts to call setWhitelistedTokens will revert because the caller lacks SETTER_ROLE.
- The contract cannot add any whitelisted tokens.
The protocol cannot add any whitelisted tokens, including FOT tokens.
No response
- Add the setWhitelistedTokens functionality directly within the initialize function, setting up the initial whitelist during contract deployment. Alternatively, assign a different role to this function so that it remains accessible.
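
The pattern described above and both suggested mitigations, as an added example that is a simplified model and not the SolidlyV2AMO source. The contract names, ADMIN_ROLE, the hand-rolled role mapping and the function signatures are assumptions made for illustration; only SETTER_ROLE, initialize and setWhitelistedTokens are names taken from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal role bookkeeping shared by both variants (constructed for this example).
abstract contract Roles {
    bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE"); // hypothetical role
    bytes32 public constant SETTER_ROLE = keccak256("SETTER_ROLE");
    mapping(bytes32 => mapping(address => bool)) public hasRole;
    mapping(address => bool) public whitelistedTokens;
    bool internal initialized;

    modifier onlyRole(bytes32 role) {
        require(hasRole[role][msg.sender], "missing role");
        _;
    }

    function _setWhitelist(address[] memory tokens, bool ok) internal {
        for (uint256 i = 0; i < tokens.length; i++) whitelistedTokens[tokens[i]] = ok;
    }
}

// Pattern from the report: the role is granted for setup, revoked, and never grantable again.
contract LockedSetter is Roles {
    function initialize() external {
        require(!initialized, "initialized");
        initialized = true;
        hasRole[SETTER_ROLE][msg.sender] = true;  // temporary grant for setup calls
        hasRole[SETTER_ROLE][msg.sender] = false; // revoked; nothing can set it back
    }

    // Always reverts after initialize(): no account holds SETTER_ROLE.
    function setWhitelistedTokens(address[] calldata tokens, bool ok) external onlyRole(SETTER_ROLE) {
        _setWhitelist(tokens, ok);
    }
}

// Mitigations: seed the whitelist in initialize, and guard the setter with a role
// that still has a holder once initialization is finished.
contract RecoverableSetter is Roles {
    function initialize(address admin, address[] calldata initialTokens) external {
        require(!initialized, "initialized");
        require(admin != address(0), "admin is zero");
        initialized = true;
        hasRole[ADMIN_ROLE][admin] = true;
        _setWhitelist(initialTokens, true); // whitelist set at deployment
    }

    function setWhitelistedTokens(address[] calldata tokens, bool ok) external onlyRole(ADMIN_ROLE) {
        _setWhitelist(tokens, ok);
    }
}
```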