[M-05] `LiquidityPool.withApproval()`: Wards not checked, not allowing authorized admin to call functions

# Lines of code

https://github.com/code-423n4/2023-09-centrifuge/blob/main/src/LiquidityPool.sol#L97-L100


# Vulnerability details

## Impact
[LiquidityPool.sol#L97-L100](https://github.com/code-423n4/2023-09-centrifuge/blob/main/src/LiquidityPool.sol#L97-L100)
```solidity
modifier withApproval(address owner) {
    require(msg.sender == owner, "LiquidityPool/no-approval");
    _;
}
```

The `withApproval()` modifier is supposed to allow an authorized admin designated as ward to call certain specified functions such as `withdraw()/redeem()/requestDeposit()/requestRedeem()/decreaseDepositRequest()/decreaseRedeemRequest()`. However, there is a lack of check of the `wards` mapping allowing that to be performed, thus any authorized admin assigned as ward cannot call this functions as intended, breaking logic.


## Tools Used
Manual Analysis

## Recommendation
```diff
modifier withApproval(address owner) {
-   require(msg.sender == owner, "LiquidityPool/no-approval");
+   require(msg.sender == owner || wards[msg.sender] == 1, "LiquidityPool/no-approval");
    _;
}
```


## Assessed type

Context

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[M-05] `LiquidityPool.withApproval()`: Wards not checked, not allowing authorized admin to call functions #559

Lines of code

Vulnerability details

Impact

Tools Used

Recommendation

Assessed type

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[M-05] LiquidityPool.withApproval(): Wards not checked, not allowing authorized admin to call functions #559

Description