Open code423n4 opened 2 years ago
These are good suggestions. In my opinion, powerThreshold should probably just be hard-coded at this point. GravityID being empty is not a vulnerability I had considered before.
Reopening as per judge's assessment as "primary issue" on findings sheet.
Handle
pauliax
Vulnerability details
Impact
There are a few validations that could be added to the system: the constructor could check that _gravityId is not empty. state_powerThreshold should always be greater than 0; otherwise, anyone will be able to execute actions.
Recommended Mitigation Steps
Consider implementing suggested validations.
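
A sketch of the constructor checks suggested in this report, added here as an example; it is not the audited contract's code and not written by the reporter or the project. The contract name, the custom errors, the `bytes32` type of `_gravityId`, the `state_gravityId` variable, and the validator arrays are assumptions. The total-power check goes beyond the report: it rejects a threshold the initial validator set could never exceed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Hypothetical contract for illustration only.
contract ThresholdBridgeExample {
    error EmptyGravityId();
    error ZeroPowerThreshold();
    error MalformedValidatorSet();
    error InsufficientValidatorPower(uint256 total, uint256 threshold);

    bytes32 public immutable state_gravityId; // assumed to be bytes32
    uint256 public immutable state_powerThreshold;

    constructor(
        bytes32 _gravityId,
        uint256 _powerThreshold,
        address[] memory _validators,
        uint256[] memory _powers
    ) {
        // Check from the report: the identifier must not be empty.
        if (_gravityId == bytes32(0)) revert EmptyGravityId();

        // Check from the report: a zero threshold must be rejected.
        if (_powerThreshold == 0) revert ZeroPowerThreshold();

        // Added sanity checks (not in the report): the arrays must line up,
        // and the initial set must be able to exceed the threshold.
        if (_validators.length != _powers.length) revert MalformedValidatorSet();
        uint256 total = 0;
        for (uint256 i = 0; i < _powers.length; i++) {
            total += _powers[i];
        }
        if (total <= _powerThreshold) {
            revert InsufficientValidatorPower(total, _powerThreshold);
        }

        state_gravityId = _gravityId;
        state_powerThreshold = _powerThreshold;
    }
}
```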