Closed code423n4 closed 2 years ago
goatbug
function setMinLicenseFee(uint256 newMinLicenseFee) public override onlyOwner { minLicenseFee = newMinLicenseFee; } function setAuctionDecrement(uint256 newAuctionDecrement) public override onlyOwner { auctionDecrement = newAuctionDecrement; }
Both min license fee and auction decrement have no restrictions on the values that can be set.
This can be critical and block the contract if a too high value or zero value is set.
I.e. the min license fee could be set higher than the total amount, causing revert.
Similar applies with the decrement.
it is assumed the owner is trustworthy in this version of the protocol, however we will add mitigations and further decentralization in future updates
Duplicate of #119
Handle
goatbug
Vulnerability details
Impact
Proof of Concept
Both min license fee and auction decrement have no restrictions on the values that can be set.
This can be critical and block the contract if a too high value or zero value is set.
I.e. the min license fee could be set higher than the total amount, causing revert.
Similar applies with the decrement.
Tools Used
Recommended Mitigation Steps