Open madMax92221 opened 8 months ago
Impact: Medium, because a protocol can be broken and the code could give a false calculations
Likelihood: Medium, as it can be gamed but it needs compromised / malicious owner
The _rewardMultiplier param in createRiskPool() is not constrained in any way.
_rewardMultiplier
createRiskPool()
Another instances where an upper constrain is missing are:
CapitalAgent.sol
SingleSidedInsurancePool.sol
SingleSidedReinsurancePool.sol
setMinLPCapital()
setBuyPolicyMaxDeadline()
policyClaim()
setBuyPolicyMaxDeadlineInPolicy()
Set reasonable lower and upper constrains for these params.
Acknowledged
Severity
Impact: Medium, because a protocol can be broken and the code could give a false calculations
Likelihood: Medium, as it can be gamed but it needs compromised / malicious owner
Description
The
_rewardMultiplier
param increateRiskPool()
is not constrained in any way.Another instances where an upper constrain is missing are:
CapitalAgent.sol
that involve uint256 as a paramSingleSidedInsurancePool.sol
that involve uint256 as a paramSingleSidedReinsurancePool.sol
that involve uint256 as a paramsetMinLPCapital()
setBuyPolicyMaxDeadline()
policyClaim()
setBuyPolicyMaxDeadlineInPolicy()
Recommendation
Set reasonable lower and upper constrains for these params.