Governed/ExternallyGoverned contracts have capability for emergency governance; however, none of the functions actually use it. Meaning no function has the emergency_governed or externallyEmergencyGoverned modifiers.
This leads to wasted gas on every Stream deployment.
Also, perhaps some confusion if somebody is reading the code.
Handle
kenzo
Vulnerability details
Governed/ExternallyGoverned contracts have capability for emergency governance; however, none of the functions actually use it. Meaning no function has the
emergency_governed
orexternallyEmergencyGoverned
modifiers.This leads to wasted gas on every Stream deployment.
Also, perhaps some confusion if somebody is reading the code.
Proof of Concept
Grep result for the modifiers:
So they are not actually used anywhere.
Tools Used
Pick, shovel.
Recommended Mitigation Steps
Remove unnecessary functionality.