Open code423n4 opened 2 years ago
From the user's experience, the amount of money the user has to pay doesn't change with the feeRate. The user pays the premium. feeRate is the ratio of how much of the premium goes to governance instead of insurance sellers.
So yes, maybe we need to set a timelock for changing InsureDAO's premium model.
I'll put this as acknowledged.
Going to downgrade this to low severity, as I don't see this as a way of compromising assets immediately.
Handle
Dravee
Vulnerability details
Impact
To give more trust to users: functions that set key/critical variables should be put behind a timelock.
Proof of Concept
https://github.com/code-423n4/2022-01-insure/blob/main/contracts/Parameters.sol#L177-L184
Tools Used
VS Code
Recommended Mitigation Steps
Add a timelock to setter functions of key/critical variables.
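A sketch of the recommended mitigation, added here as an illustration and not taken from the InsureDAO code base: a fee-rate setter split into a queued proposal and a delayed apply step, so users can see a pending change on-chain before it takes effect. The contract name, function names, `DELAY` and `MAX_RATE` are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative only: all names and constants below are hypothetical.
contract TimelockedFeeRate {
    uint256 public constant DELAY = 2 days;        // assumed notice period
    uint256 public constant MAX_RATE = 1_000_000;  // assumed rate denominator

    address public immutable owner;
    mapping(address => uint256) public feeRate;    // target => active rate

    struct Pending { uint256 rate; uint256 eta; }
    mapping(address => Pending) public pending;    // target => queued change

    event FeeRateProposed(address indexed target, uint256 rate, uint256 eta);
    event FeeRateApplied(address indexed target, uint256 rate);
    event FeeRateCancelled(address indexed target);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() { owner = msg.sender; }

    // Step 1: the owner queues a change; the event gives users advance notice.
    function proposeFeeRate(address target, uint256 rate) external onlyOwner {
        require(rate <= MAX_RATE, "rate too high");
        uint256 eta = block.timestamp + DELAY;
        pending[target] = Pending(rate, eta);
        emit FeeRateProposed(target, rate, eta);
    }

    // Step 2: anyone may apply the change, but only after the delay has elapsed.
    function applyFeeRate(address target) external {
        Pending memory p = pending[target];
        require(p.eta != 0, "nothing queued");
        require(block.timestamp >= p.eta, "timelock active");
        delete pending[target];
        feeRate[target] = p.rate;
        emit FeeRateApplied(target, p.rate);
    }

    // The owner can withdraw a queued change before it is applied.
    function cancelFeeRate(address target) external onlyOwner {
        require(pending[target].eta != 0, "nothing queued");
        delete pending[target];
        emit FeeRateCancelled(target);
    }
}
```

Re-proposing for the same target overwrites the queued entry and restarts the delay, so a value can never become active sooner than `DELAY` after it was last announced.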