code-423n4 / 2022-01-insure-findings


Add a timelock to `Parameters:setFeeRate` #315

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

Dravee

Vulnerability details

Impact

To give more trust to users: functions that set key/critical variables should be put behind a timelock.

Proof of Concept

https://github.com/code-423n4/2022-01-insure/blob/main/contracts/Parameters.sol#L177-L184

Tools Used

VS Code

Recommended Mitigation Steps

Add a timelock to setter functions of key/critical variables.
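
One way to implement the recommended timelock, as an added example that is not part of the original report or the InsureDAO code base. The contract name, the two-day delay, the event names and the per-address `(target, rate)` shape of the setter are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not InsureDAO code. The contract name, DELAY, the events and
// the (target, rate) signature are assumptions, not taken from Parameters.sol.
contract TimelockedFeeRate {
    struct Pending { uint256 rate; uint256 eta; } // eta == 0 means nothing queued

    uint256 public constant DELAY = 2 days; // assumed notice period
    address public owner;
    mapping(address => uint256) public feeRate;
    mapping(address => Pending) public pendingFeeRate;

    event FeeRateQueued(address indexed target, uint256 rate, uint256 eta);
    event FeeRateCancelled(address indexed target);
    event FeeRateSet(address indexed target, uint256 rate);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() { owner = msg.sender; }

    // Step 1: announce the new rate on-chain; users get DELAY to react.
    function queueFeeRate(address target, uint256 rate) external onlyOwner {
        uint256 eta = block.timestamp + DELAY;
        pendingFeeRate[target] = Pending(rate, eta);
        emit FeeRateQueued(target, rate, eta);
    }

    // Step 2: apply exactly the queued value, and only once the delay has elapsed.
    function applyFeeRate(address target) external onlyOwner {
        Pending memory p = pendingFeeRate[target];
        require(p.eta != 0, "nothing queued");
        require(block.timestamp >= p.eta, "timelock active");
        delete pendingFeeRate[target]; // one-shot: a queued change cannot be replayed
        feeRate[target] = p.rate;
        emit FeeRateSet(target, p.rate);
    }

    // Withdraw a queued change before it takes effect.
    function cancelFeeRate(address target) external onlyOwner {
        require(pendingFeeRate[target].eta != 0, "nothing queued");
        delete pendingFeeRate[target];
        emit FeeRateCancelled(target);
    }
}
```

Queuing again for the same target overwrites the pending entry and restarts the delay, so the announced value is always the one that can be applied.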

oishun1112 commented 2 years ago

From the user experience side, the amount of money the user has to pay doesn't change with the feeRate. The user pays a premium. feeRate is the ratio of how much of the premium goes to governance instead of insurance sellers.

oishun1112 commented 2 years ago

So yes, maybe we need to set a timelock for changing InsureDAO's premium model.

oishun1112 commented 2 years ago

I'll put this as acknowledged.

0xean commented 2 years ago

Going to downgrade this to low severity as I don't see this as a way of compromising assets immediately.