frank-beard
commented
2 years ago it is assumed the owner is trustworthy in this version of the protocol, however we will add mitigations and further decentralization in future updates
Open code423n4 opened 2 years ago
frank-beard
commented
2 years ago it is assumed the owner is trustworthy in this version of the protocol, however we will add mitigations and further decentralization in future updates
GalloDaSballo
commented
2 years ago Agree with the finding, users are taking "owner privileges" risks while interacting with the protocol. The warden has identified a specific grief / DOS that the owner can cause
Handle
leastwood
Vulnerability details
Impact
The
onlyOwnerrole is able to make changes to the protocol with an immediate affect, while other changes made inBasket.solandAuction.solincur a one day timelock. As a result, anonlyOwnerrole may unintentionally frontrun asettleAuction()transaction by making changes toauctionDecrementandauctionMultiplier, potentially causing the auction bonder to over compensate during a rebalance. Additionally, there is no way for an auction bonder to recover their tokens in the event this does happen.Proof of Concept
https://github.com/code-423n4/2021-09-defiProtocol/blob/main/contracts/contracts/Factory.sol#L39-L59 https://github.com/code-423n4/2021-09-defiProtocol/blob/main/contracts/contracts/Auction.sol#L89-L99
Tools Used
Manual code review
Recommended Mitigation Steps
Consider adding a timelock delay to all functions affecting protocol execution. Alternatively,
bondForRebalance()can set state variables for any external calls made toFactory.sol(i.e.factory.auctionMultiplier()andfactory.auctionDecrement()), ensuring thatsettleAuction()is called according to these expected results.