code-423n4 / 2021-04-marginswap-findings


Add a timelock to functions that set key variables #70

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

s1m0

Vulnerability details

Impact

Functions like setLeveragePercent and setLiquidationThresholdPercent for both IsolatedMarginTrading (https://github.com/code-423n4/marginswap/blob/main/contracts/IsolatedMarginTrading.sol) and CrossMarginTrading (https://github.com/code-423n4/marginswap/blob/main/contracts/CrossMarginTrading.sol) should be put behind a timelock because that would give users more trust. Currently the owner could call them whenever he wants, and a position could become liquidatable from one block to the next.

Proof of Concept

-

Tools Used

Manual analysis.

Recommended Mitigation Steps

Add a timelock to setter functions of critical variables.
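
One way the recommended mitigation could look for a single setter, shown as an added example that is not part of the original submission or of marginswap's code. The contract name, storage layout, the 2-day delay, the initial value and the propose/apply/cancel function names are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not marginswap code. Every name here except the
// "liquidation threshold percent" concept is hypothetical.
contract TimelockedThreshold {
    uint256 public constant DELAY = 2 days; // assumed notice period

    address public immutable owner;
    uint256 public liquidationThresholdPercent = 110; // constructed initial value

    uint256 public pendingThreshold;
    uint256 public pendingEta; // 0 means nothing is queued

    event ThresholdProposed(uint256 newValue, uint256 eta);
    event ThresholdApplied(uint256 newValue);
    event ThresholdCancelled(uint256 value);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Step 1: announce the change on-chain; the live value is untouched.
    // Re-proposing overwrites the queued value and restarts the delay.
    function proposeLiquidationThresholdPercent(uint256 newValue) external onlyOwner {
        pendingThreshold = newValue;
        pendingEta = block.timestamp + DELAY;
        emit ThresholdProposed(newValue, pendingEta);
    }

    // Step 2: the queued value can only be applied once DELAY has elapsed,
    // so position holders have that long to react to the event above.
    function applyLiquidationThresholdPercent() external onlyOwner {
        require(pendingEta != 0, "nothing queued");
        require(block.timestamp >= pendingEta, "timelock not elapsed");
        liquidationThresholdPercent = pendingThreshold;
        emit ThresholdApplied(pendingThreshold);
        delete pendingThreshold;
        delete pendingEta;
    }

    // Withdraw a queued change before it takes effect.
    function cancelPending() external onlyOwner {
        require(pendingEta != 0, "nothing queued");
        emit ThresholdCancelled(pendingThreshold);
        delete pendingThreshold;
        delete pendingEta;
    }
}
```

The same propose/apply split applies to setLeveragePercent. The ThresholdProposed event is what off-chain monitoring would watch to warn position holders during the delay.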

werg commented 3 years ago

Timelock will be handled by governance

zscole commented 3 years ago

Maintaining submission rating of 2 (Med Risk) because this presents a vulnerability at the time of review.