Egis-Security / CTF_Challenge

Repository containing CTF challenges from nmirchev8, deth and bOgO.

b0g0_ctf - Fixed Deposit Amount Leads to Inflexibility in Changing Market Conditions #14

Open dimi6oni opened 1 month ago

dimi6oni commented 1 month ago

Description:

The contract sets a fixed deposit amount (depositRequired) at deployment, with no mechanism to change it afterwards. While this prevents unauthorized changes, it also means the contract cannot adapt to significant changes in ETH value or market conditions.

Impact

Over time, if the value of ETH changes significantly, the fixed deposit amount could become either too high (discouraging usage) or too low (potentially not covering gas costs for withdrawals). This could impact the protocol's long-term viability and usability.

Remediation

Implement a function to update depositRequired with appropriate access controls:

```solidity
address public owner;

constructor(uint256 _depositAmount) ERC721("CtfNFT", "CNFT") {
    require(_depositAmount >= MIN_DEPOSIT, "Min deposit");
    depositRequired = _depositAmount;
    owner = msg.sender; // deployer becomes the owner
}

// Owner-only setter; enforces the same minimum as the constructor.
function updateDepositRequired(uint256 newDepositAmount) external {
    require(msg.sender == owner, "Only owner can update");
    require(newDepositAmount >= MIN_DEPOSIT, "Min deposit");
    depositRequired = newDepositAmount;
}
```

BogoCvetkov commented 3 weeks ago

Although the issue makes sense, it is a bit of an abstract one. The goal of the CTF is to find concrete, exploitable issues.

A good recommendation though!