Closed code423n4 closed 2 years ago
PENDING_STRATEGIST_TIMELOCK is constant and I think there is no plan to change it to zero because that will remove its main purpose.
I agree with the "sponsor disputed" tag.
Because PENDING_STRATEGIST_TIMELOCK the logic mentioned by the warden cannot happen. Disputed
Handle
cmichel
Vulnerability details
The Manager.acceptStrategist function has a strict inequality check for the current block and the pending strategist time:
Impact
If the PENDING_STRATEGIST_TIMELOCK is set to zero, it still cannot accept the strategist using setStrategist and accept it in the same block.
Recommended Mitigation Steps
It should be
require(block.timestamp >= setPendingStrategistTime.add(PENDING_STRATEGIST_TIMELOCK));
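A minimal sketch of the two-step strategist handover discussed in this issue, showing where the strict and inclusive comparisons differ. It is an added example, not the audited Manager contract: the governance role, the 7-day timelock value, the revert strings and the unlockTime helper are assumptions, and it uses Solidity 0.8 checked arithmetic instead of SafeMath's .add.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the audited Manager contract. Names other than
// acceptStrategist, setStrategist, setPendingStrategistTime and
// PENDING_STRATEGIST_TIMELOCK are assumptions.
contract StrategistHandover {
    // Constant, as the sponsor notes; the 7-day value is a placeholder.
    uint256 public constant PENDING_STRATEGIST_TIMELOCK = 7 days;

    address public governance;
    address public strategist;
    address public pendingStrategist;
    uint256 public setPendingStrategistTime;

    constructor(address _strategist) {
        governance = msg.sender;
        strategist = _strategist;
    }

    // Step 1: governance nominates a new strategist and starts the timelock.
    function setStrategist(address _strategist) external {
        require(msg.sender == governance, "!governance");
        require(_strategist != address(0), "zero address");
        pendingStrategist = _strategist;
        setPendingStrategistTime = block.timestamp;
    }

    // Earliest timestamp at which the nominee may accept.
    function unlockTime() public view returns (uint256) {
        return setPendingStrategistTime + PENDING_STRATEGIST_TIMELOCK;
    }

    // Step 2: the nominee accepts once the timelock has elapsed.
    function acceptStrategist() external {
        require(msg.sender == pendingStrategist, "!pendingStrategist");
        // Strict form from the report: block.timestamp > unlockTime().
        // It rejects the block whose timestamp equals unlockTime(), so with
        // a zero timelock a same-block set-and-accept would revert.
        // Inclusive form recommended in the report:
        require(block.timestamp >= unlockTime(), "timelock not elapsed");
        strategist = pendingStrategist;
        pendingStrategist = address(0);
    }
}
```

With a nonzero constant timelock the two comparisons differ only at the single timestamp equal to unlockTime(), which is why the comments above treat the zero-timelock case as unreachable.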