code-423n4 / 2021-07-sherlock-findings


Difficult for the project to be decentralized if the Watsons share one address. #131

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

tensors

Vulnerability details

Impact

The Watsons share a single address. As it stands right now, the Watsons could be a single person effectively providing insurance with other people's risk. There should be mechanisms in place to make sure Watsons have an accurate amount of skin in the game.

Proof of Concept

Watsons right now share a single address using capital provided from others to provide liquidity to the protocol. Currently stakers have less control despite having more risk. The Sherlock protocol should consider giving control of premiums and risks to users actually putting up the capital. This could also lead to better decisions as people putting up their own capital may have better risk management and a more accurate picture of the payoffs vs. risks once votes are aggregated.

Recommended Mitigation Steps

There should be a DAO-like mechanism in place for control of the Watson address, as well as for votes for protocol premiums and other constants.

Evert0x commented 3 years ago

The Watsons are a single address, which will/could be the DAO-like structure you talk about. Our goal is to keep this logic as separated as possible.

ghoul-sol commented 3 years ago

per sponsor comment, invalid