code-423n4 / 2021-07-spartan-findings


Some critical parameters cannot be adjusted after deployment #227

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

shw

Vulnerability details

Impact

Some critical parameters (e.g., the maximum number of pools that can be curated) of the Spartan protocol are hard-coded in the contracts and thus unchangeable after the contracts are deployed. Allowing admins to adjust such parameters dynamically makes the code easier to maintain and adds flexibility to the protocol without re-deploying the related contracts.

Proof of Concept

Referenced code: Dao.sol#L407, DaoVault.sol#L69, poolFactory.sol#L31

Recommended Mitigation Steps

Consider adding a function with the onlyDAO modifier to allow the deployer or DAO to change these parameters in case of need.
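
Added example, not part of the original report and not Spartan's own code: one way to turn a hard-coded cap into a DAO-adjustable parameter while keeping it bounded and auditable. The contract name, variable names, the `dao` address field and the ceiling value of 50 are hypothetical and constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Illustration only: all identifiers here are hypothetical, not Spartan's.
contract CuratedPoolRegistry {
    address public dao;               // assumed: the only address allowed to govern parameters
    uint256 public maxCuratedPools;   // previously a hard-coded literal
    uint256 public curatedPoolCount;  // number of pools currently curated

    // Hard ceiling (constructed value) so a mistaken or malicious governance
    // call cannot set a cap large enough to break loops over the pool list.
    uint256 public constant MAX_CURATED_POOLS_CEILING = 50;

    // Emitted on every change so off-chain monitoring can alert on it.
    event MaxCuratedPoolsChanged(uint256 oldValue, uint256 newValue);

    modifier onlyDAO() {
        require(msg.sender == dao, "!DAO");
        _;
    }

    constructor(address _dao, uint256 _initialMax) {
        require(_dao != address(0), "zero DAO");
        require(_initialMax > 0 && _initialMax <= MAX_CURATED_POOLS_CEILING, "out of range");
        dao = _dao;
        maxCuratedPools = _initialMax;
    }

    // Setter of the kind the report recommends, restricted by onlyDAO.
    function setMaxCuratedPools(uint256 newMax) external onlyDAO {
        require(newMax > 0 && newMax <= MAX_CURATED_POOLS_CEILING, "out of range");
        // Edge case: refuse a cap below the number of pools already curated,
        // otherwise the invariant curatedPoolCount <= maxCuratedPools breaks.
        require(newMax >= curatedPoolCount, "below current count");
        emit MaxCuratedPoolsChanged(maxCuratedPools, newMax);
        maxCuratedPools = newMax;
    }

    // Consumer of the parameter: reads storage instead of a literal.
    function addCuratedPool() external onlyDAO {
        require(curatedPoolCount < maxCuratedPools, "cap reached");
        curatedPoolCount += 1;
    }
}
```

An adjustable parameter widens what the privileged role can do, so the range check and the event are what keep the setter from becoming a new trust assumption.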

SamusElderg commented 3 years ago

Duplicate of #172