Closed code423n4 closed 2 years ago
https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/modules/TurboClerk.sol#L36 https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/modules/TurboClerk.sol#L70 https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/modules/TurboClerk.sol#L88
setDefaultFeePercentage, setCustomFeePercentageForCollateral and setCustomFeePercentageForSafe functions should have a timelock to give users time to react to the fee changes. ref: https://github.com/code-423n4/2021-11-overlay-findings/issues/120
Manual Analysis
Consider adding a timelock for changes which would effect users.
This is a configuration consideration, not an issue with the code. These functions will be managed by governance modules which have timelocks associated. Disputing the issue
Not a vulnerability
Lines of code
https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/modules/TurboClerk.sol#L36 https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/modules/TurboClerk.sol#L70 https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/modules/TurboClerk.sol#L88
Vulnerability details
Impact
setDefaultFeePercentage, setCustomFeePercentageForCollateral and setCustomFeePercentageForSafe functions should have a timelock to give users time to react to the fee changes. ref: https://github.com/code-423n4/2021-11-overlay-findings/issues/120
Proof of Concept
https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/modules/TurboClerk.sol#L36 https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/modules/TurboClerk.sol#L70 https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/modules/TurboClerk.sol#L88
Tools Used
Manual Analysis
Recommended Mitigation Steps
Consider adding a timelock for changes which would effect users.