Hidden Graphite Guppy
Medium
Unassigned REFINANCIER_ROLE in PredictDotLoan Contract leads to no one to be allowed to batch the refiancing loans
The PredictDotLoan contract defines a role, REFINANCIER_ROLE, which is essential for executing refinancing operations. However, this role is not assigned to any address within the contract's constructor, preventing any user from performing bateched refinancing actions. This oversight could lead to significant functionality issues, as the contract relies on this role for critical operations. It is recommended to grant the REFINANCIER_ROLE to an appropriate address, such as the contract owner, to ensure the intended functionality is preserved and accessible.
The REFINANCIER_ROLE is defined but not assigned to any address in the constructor and the function refinance can be only called by this role.
- https://github.com/sherlock-audit/2024-09-predict-fun/blob/main/predict-dot-loan/contracts/PredictDotLoan.sol#L184
- https://github.com/sherlock-audit/2024-09-predict-fun/blob/main/predict-dot-loan/contracts/PredictDotLoan.sol#L502
function refinance(
Refinancing[] calldata refinancings
) external nonReentrant whenNotPaused onlyRole(REFINANCIER_ROLE) {NA
NA
NA
Without assignment, no address can perform batched refinancing operations, which may lead to functionality issues.
NA
constructor(
address _owner,
address _protocolFeeRecipient,
address _ctfExchange,
address _negRiskCtfExchange,
address _umaCtfAdapter,
address _negRiskUmaCtfAdapter
) EIP712("predict.loan", "1") {
// ... existing code ...
_grantRole(REFINANCIER_ROLE, _owner); // Grant the REFINANCIER_ROLE to the owner
// ... existing code ...
}