Closed code423n4 closed 2 years ago
Duplicate of #263
While this could impact availability and potentially cause some small fund loss, the likelihood of it occurring is very low given that these are all admin level functions. I agree with the sponsor and other wardens who ranked this low risk.
Handle
UncleGrandpa925
Vulnerability details
Issue
Lack of checks for data passed into onlyOwner functions.
For example:
- setPenaltyCollector. This may lead to penalty being silently transferred to address zero in LaunchEvent.
- setRouter. This may lead to LaunchEvent's interaction with router (in createPool) to permanently revert, forcing emergency.
- setPhaseDuration, setPhaseOneNoFeeDuration & setRJoePerAvax, opening up the possibility of erroneous values being set in LaunchEvents, possibly causing these events to be aborted & tokens to be redeployed (since there can only be one LaunchEvent for one token).

In conclusion, the lack of checks for these important functions may seriously affect the launch of protocols.
Recommended Mitigation Steps
Note
Proposing this as Medium after referring to a few past reports where there weren't sufficient checks for onlyOwner functions may disrupt the availability of the protocol. Considering the fact that the launch of any protocols is a very important event for them, these issues shouldn't happen.
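One way to add the checks the report finds missing, as an added example that is not part of the report or the audited code base. The setter names come from the report; the signatures, state layout, numeric bounds and error names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration, not the audited project's code. Setter names follow the
// report; signatures, storage, bounds and error names are assumptions.
contract ValidatedFactorySetters {
    error NotOwner();
    error ZeroAddress();
    error NotAContract(address target);
    error OutOfRange(uint256 value, uint256 min, uint256 max);

    // Assumed limits, chosen only for this example.
    uint256 public constant MIN_PHASE = 1 hours;
    uint256 public constant MAX_PHASE = 7 days;
    uint256 public constant MAX_RJOE_PER_AVAX = 1000e18;

    address public immutable owner;
    address public penaltyCollector;
    address public router;
    uint256 public phaseOneDuration = 2 days;
    uint256 public phaseOneNoFeeDuration = 1 days;
    uint256 public rJoePerAvax;

    constructor() { owner = msg.sender; }
    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }
    // Reject address(0) so penalties cannot be sent to an unrecoverable address.
    function setPenaltyCollector(address collector) external onlyOwner {
        if (collector == address(0)) revert ZeroAddress();
        penaltyCollector = collector;
    }
    // A router with no code would make every later call to it revert.
    function setRouter(address newRouter) external onlyOwner {
        if (newRouter == address(0)) revert ZeroAddress();
        if (newRouter.code.length == 0) revert NotAContract(newRouter);
        router = newRouter;
    }
    // Keep the invariant phaseOneNoFeeDuration <= phaseOneDuration in both setters.
    function setPhaseDuration(uint256 duration) external onlyOwner {
        if (duration < MIN_PHASE || duration > MAX_PHASE) revert OutOfRange(duration, MIN_PHASE, MAX_PHASE);
        if (duration < phaseOneNoFeeDuration) revert OutOfRange(duration, phaseOneNoFeeDuration, MAX_PHASE);
        phaseOneDuration = duration;
    }
    function setPhaseOneNoFeeDuration(uint256 noFee) external onlyOwner {
        if (noFee > phaseOneDuration) revert OutOfRange(noFee, 0, phaseOneDuration);
        phaseOneNoFeeDuration = noFee;
    }
    function setRJoePerAvax(uint256 rate) external onlyOwner {
        if (rate == 0 || rate > MAX_RJOE_PER_AVAX) revert OutOfRange(rate, 1, MAX_RJOE_PER_AVAX);
        rJoePerAvax = rate;
    }
}
```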