Open code423n4 opened 2 years ago
Duplicate of #40
Since this issue was downgraded to a QA level, and the warden did not submit a separate QA report, we've renamed this one to "QA report" for consistency. The original title, for the record, was "the admin can liquidate any trader and mint arbitrary vusd amount".
Lines of code
https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L730
https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/MarginAccount.sol#L599
Vulnerability details
The governance can set the registry, therefore also setting the clearingHouse.
The clearingHouse has permissions to liquidate any trader.
Also, they can set the clearingHouse in marginAccount and mint for themselves an arbitrary amount of vusd, therefore they can steal all the funds.
Recommendation
Don't allow the governance to change the registry.
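As an added illustration of the recommendation, not Hubble's own code: a hypothetical minimal margin account whose privileged caller is resolved through a registry, shown first with a governance-settable registry and then with the registry fixed at deployment. All contract, function and variable names here are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical registry: the single source of truth for the privileged
// clearingHouse address (assumed names, not the project's code).
contract Registry {
    address public immutable clearingHouse;
    constructor(address _clearingHouse) { clearingHouse = _clearingHouse; }
}

// Weak pattern: governance may repoint the registry at any time, so whoever
// controls governance also decides which address passes onlyClearingHouse.
contract MarginAccountSettable {
    address public governance;
    Registry public registry;
    mapping(address => bool) public liquidated;

    modifier onlyGovernance() { require(msg.sender == governance, "not governance"); _; }
    modifier onlyClearingHouse() {
        require(msg.sender == registry.clearingHouse(), "not clearingHouse");
        _;
    }

    constructor(address _governance, Registry _registry) {
        governance = _governance;
        registry = _registry;
    }

    // The setter is the escalation path: a new registry names a new clearingHouse.
    function setRegistry(Registry _registry) external onlyGovernance { registry = _registry; }

    function liquidate(address trader) external onlyClearingHouse { liquidated[trader] = true; }
}

// Hardened pattern: the registry is immutable, so the set of privileged
// callers is fixed when the contract is deployed and cannot be changed later.
contract MarginAccountFixed {
    Registry public immutable registry;
    mapping(address => bool) public liquidated;

    modifier onlyClearingHouse() {
        require(msg.sender == registry.clearingHouse(), "not clearingHouse");
        _;
    }

    constructor(Registry _registry) { registry = _registry; }

    function liquidate(address trader) external onlyClearingHouse { liquidated[trader] = true; }
}
```

If the registry must remain upgradeable for operational reasons, the same review point applies to whatever role can change it: that role effectively holds every permission the registry grants.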