SetReputationManager does not check if address is a contract

Summary

The function initialize checks whether the input for the reputationManager is a contract. However, in the function setReputationManager, there is no such check.

Vulnerability Detail

The initialize makes this check

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L197-L201

However, the function SetReputationManager does not

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L258-L260

A market owner can set the Reputation Manager to be a contract and then change the ReputationManger to be an address. Without a reputation manager, many functions will not work properly

Impact

See above

Code Snippet

Tool used

Manual Review

Recommendation

Add a check to make sure that the Reputation Manager is a contract

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

084.md

084.md

SetReputationManager does not check if address is a contract

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Files

084.md

Latest commit

History

084.md

File metadata and controls

SetReputationManager does not check if address is a contract

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation