While this is a valid suggestion, it doesn't necessarily indicate a vulnerability in the existing approach. A timelock can indeed increase trust, but it never truly eliminates the same risk (i.e., once the timelock finishes, the same theoretical attacks from a malicious operator could happen anyway).
We will set admin as a timelock.
Handle
Dravee
Vulnerability details
Impact
To give more trust to users: functions that set key/critical variables should be put behind a timelock.
Proof of Concept
https://github.com/code-423n4/2022-01-sandclock/blob/main/sandclock/contracts/strategy/BaseStrategy.sol#L249-L253
Tools Used
VS Code
Recommended Mitigation Steps
Add a timelock to setter functions of key/critical variables.
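A sketch of the queue-then-apply pattern the recommendation describes, added here as an example and not taken from the Sandclock repository. The contract name, the `feeBps` variable, the 2-day delay and the fee cap are all assumptions chosen for illustration. The delay does not remove the admin's power; it makes every pending change visible on-chain for a fixed window before it can take effect.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

/// Added illustration: hypothetical contract, not Sandclock code.
contract TimelockedFeeSetter {
    uint256 public constant DELAY = 2 days;      // assumed delay
    uint256 public constant MAX_FEE_BPS = 2_000; // assumed upper bound

    address public immutable admin;
    uint256 public feeBps;        // stands in for the "critical variable"
    uint256 public pendingFeeBps; // value waiting out the delay
    uint256 public pendingEta;    // earliest apply time; 0 = nothing queued

    event FeeChangeQueued(uint256 newFeeBps, uint256 eta);
    event FeeChanged(uint256 oldFeeBps, uint256 newFeeBps);

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    constructor(address _admin, uint256 _feeBps) {
        require(_feeBps <= MAX_FEE_BPS, "fee too high");
        admin = _admin;
        feeBps = _feeBps;
    }

    /// Step 1: announce the change. Re-queuing restarts the delay.
    function queueFee(uint256 newFeeBps) external onlyAdmin {
        require(newFeeBps <= MAX_FEE_BPS, "fee too high");
        pendingFeeBps = newFeeBps;
        pendingEta = block.timestamp + DELAY;
        emit FeeChangeQueued(newFeeBps, pendingEta);
    }

    /// Withdraw a queued change before it takes effect.
    function cancelFee() external onlyAdmin {
        require(pendingEta != 0, "nothing queued");
        delete pendingFeeBps;
        delete pendingEta;
    }

    /// Step 2: apply the change once the delay has elapsed.
    function applyFee() external onlyAdmin {
        require(pendingEta != 0, "nothing queued");
        require(block.timestamp >= pendingEta, "timelock active");
        emit FeeChanged(feeBps, pendingFeeBps);
        feeBps = pendingFeeBps;
        delete pendingFeeBps;
        delete pendingEta;
    }
}
```

Monitoring for `FeeChangeQueued` is what gives the delay its value: a queued change nobody watches for provides no more protection than an instant setter.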