Open code423n4 opened 3 years ago
Intended; at this point, the DAO will not set these variables, only the deployer/constructor. Having this modifier, however, leaves the door open to adding to the DAO later down the track. @verifyfirst anything to add?
Per sponsor comment, invalid
Handle
0xsanson
Vulnerability details
Impact
The function setParams() in synthVault is supposed to be called by the Dao, but this contract doesn't have it, making it impossible for the protocol to update the parameters.
Proof of Concept
https://github.com/code-423n4/2021-07-spartan/blob/main/contracts/synthVault.sol#L81
Tools Used
editor
Recommended Mitigation Steps
Add the setParams() function to Dao.sol.