search

code-423n4 / 2022-01-trader-joe-findings

2 stars 0 forks source link

penaltyCollector can be set to address(0) #304

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

gzeon

Vulnerability details

Impact

https://github.com/code-423n4/2022-01-trader-joe/blob/a1579f6453bc4bf9fb0db9c627beaa41135438ed/contracts/RocketJoeFactory.sol#L167

    function setPenaltyCollector(address _penaltyCollector)
        external
        override
        onlyOwner
    {
        penaltyCollector = _penaltyCollector;
        emit SetPenaltyCollector(_penaltyCollector);
    }

https://github.com/code-423n4/2022-01-trader-joe/blob/a1579f6453bc4bf9fb0db9c627beaa41135438ed/contracts/LaunchEvent.sol#L371

            _safeTransferAVAX(rocketJoeFactory.penaltyCollector(), feeAmount);
cryptofish7 commented 2 years ago

Duplicate of #263