code-423n4 / 2021-11-nested-findings


Missing event and timelock for FeeSplitter #12

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

0x0x0x

Vulnerability details

Impact

Missing event and timelock for FeeSplitter. The admin can change the Shareholder structure as he wants without notice. Any change in the shareholder structure should be emitted, and the admin shouldn't be controlled just by a private key.

Proof of Concept

https://github.com/code-423n4/2021-11-nested/blob/5d113967cdf7c9ee29802e1ecb176c656386fe9b/contracts/FeeSplitter.sol#L103

Tools Used

Manual analysis

maximebrugel commented 2 years ago

Duplicated: #91 for the missing event

maximebrugel commented 2 years ago

Disputed for the timelock, as explained in the documentation (readme):

"The contracts are owned by the TimelockController contract from OpenZeppelin, set with a 7-days delay. This ensures the community has time to review any changes made to the protocol."

The owner of the TimelockController is a three-party multisignature wallet.

maximebrugel commented 2 years ago

Also duplicate of: #42

alcueca commented 2 years ago

Issues with events are non-critical
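Added example, not code from the Nested repository: a hypothetical fee splitter that sketches the two points raised in this thread, an event on every shareholder change (the accepted part, #91) and ownership handed to the TimelockController the sponsor describes, so admin calls are queued for the delay before they execute. The contract name, `setShareholders`, `ShareholdersUpdated` and the OpenZeppelin 4.x `Ownable` base are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumes OpenZeppelin Contracts 4.x (Ownable with a no-argument constructor).
import "@openzeppelin/contracts/access/Ownable.sol";

/// Hypothetical splitter for illustration only; not Nested's FeeSplitter.
contract FeeSplitterExample is Ownable {
    struct Shareholder {
        address account;
        uint96 weight;
    }

    Shareholder[] public shareholders;
    uint256 public totalWeights;

    /// Emitted on every change so off-chain watchers can detect and review it
    /// during the timelock delay instead of discovering it after the fact.
    event ShareholdersUpdated(address[] accounts, uint96[] weights, uint256 totalWeights);

    constructor(address timelock) {
        // Hand ownership to the TimelockController (itself controlled by the
        // multisig in the readme) so no single private key can change shares
        // without the queued delay being visible on-chain first.
        transferOwnership(timelock);
    }

    /// Replaces the whole shareholder table; callable only through the timelock.
    function setShareholders(address[] calldata accounts, uint96[] calldata weights)
        external
        onlyOwner
    {
        require(accounts.length == weights.length, "length mismatch");
        delete shareholders;
        uint256 total;
        for (uint256 i = 0; i < accounts.length; i++) {
            require(accounts[i] != address(0), "zero address");
            require(weights[i] > 0, "zero weight");
            shareholders.push(Shareholder(accounts[i], weights[i]));
            total += weights[i];
        }
        totalWeights = total;
        emit ShareholdersUpdated(accounts, weights, total);
    }
}
```

Monitoring the `ShareholdersUpdated` event, together with the timelock's own `CallScheduled` events, gives reviewers the window the readme's 7-day delay is meant to provide.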