search

code-423n4 / 2022-01-trader-joe-findings

2 stars 0 forks source link

Timelock could be set to 0 #316

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

pedroais

Vulnerability details

Impact

Timelock could be set to 0

Proof of Concept

Lack of input check for user timelock, it should always be greater than 0. https://github.com/code-423n4/2022-01-trader-joe/blob/a1579f6453bc4bf9fb0db9c627beaa41135438ed/contracts/LaunchEvent.sol#L246

Recommended Mitigation Steps

Require user timelock != 0

cryptofish7 commented 2 years ago

This is by design

dmvt commented 2 years ago

sometimes you just don't want a timelock. Invalid.