Open code423n4 opened 2 years ago
The global factory variables are intended to have very minimal controls, with the group behind the governance being intended to modify these parameters correctly.
As per the sponsor's comment, this doesn't really sound like it should be a low severity issue. Marking as non-critical.
Handle
Meta0xNull
Vulnerability details
Impact
It is possible to set AuctionDecrement = 0 since setAuctionDecrement() does not validate input. This may break functions like settleAuction() which use .auctionDecrement() and calculate with other variables.
Proof of Concept
https://github.com/code-423n4/2021-12-defiprotocol/blob/main/contracts/contracts/Factory.sol#L44-L45
https://github.com/code-423n4/2021-12-defiprotocol/blob/main/contracts/contracts/Auction.sol#L98
Tools Used
Manual Review
Recommended Mitigation Steps
In setAuctionDecrement(), add a require that newAuctionDecrement > 0.
require(newAuctionDecrement > 0);