#37595 [SC-Insight] `require_caller_is_bo_or_tm_or_sp_or_pm` did not emit correct message
Submitted on Dec 10th 2024 at 04:45:22 UTC by @InquisitorScythe for IOP | Fluid Protocol
Report ID: #37595
Report Type: Smart Contract
Report severity: Insight
Target: https://github.com/Hydrogen-Labs/fluid-protocol/tree/main/contracts/active-pool-contract/src/main.sw
Impacts:
Contract fails to deliver promised returns, but doesn't lose value
Description
Brief/Intro
in require_caller_is_bo_or_tm_or_sp_or_pm
, if it did not pass thecheck, it will emit a error messge: "Active Pool: Caller is not BorrowOperations, TroveManager, ProtocolManager, or DefaultPool", but it actually perfrom checks on stability pool
Vulnerability Details
in contracts/active-pool-contract/src/main.sw
:
it perfrom checks on borrow_operation
, trove_manager
, protocol_manager
, stability_pool
, but error message states DefaultPool
, so the correct message should be Active Pool: Caller is not BorrowOperations, TroveManager, ProtocolManager, or StabilityPool
Impact Details
Deliver wrong message when the checks fails, makes it hard to debug and confuse the users.
References
None
Proof of Concept
Proof of Concept
create test file: