Open code423n4 opened 3 years ago
Gonna do that
Disagree with the finding, the blocklock is a feature not a bug, if this were to be a repeated issue we would have to change a lot more
Agree with sponsor, marking as low risk, as it is still useful to consider implementing such a change.
Handle
WatchPug
Vulnerability details
https://github.com/Badger-Finance/badger-ibbtc-utility-zaps/blob/a5c71b72222d84b6414ca0339ed1761dc79fe56e/contracts/SettToRenIbbtcZap.sol#L268-L271
Recommendation
Considering that the RENCRV_SETT contract is also controlled by BadgerDAO and it's upgradable, we suggest upgrading it and whitelisting the zap contracts.