RoyaltyVaultFactory - everyone can set the platform fee and recipient to themselves and receive all the tokens users pay to themselves and steal all the vault's tokens (add the onlyOwner to these functions) - an attacker can change the fee to 99.99% to steal almost all the tokens as the fee receiver (the splitter requires amount > 0)
Lines of code
https://github.com/code-423n4/2022-03-joyn/blob/c9297ccd925ebb2c44dbc6eaa3effd8db5d2368a/royalty-vault/contracts/RoyaltyVaultFactory.sol#L52-L76
Vulnerability details
Impact
RoyaltyVaultFactory
- everyone can set the platform fee and recipient to themselves and receive all the tokens users pay to themselves and steal all the vault's tokens (add theonlyOwner
to these functions) - an attacker can change the fee to 99.99% to steal almost all the tokens as the fee receiver (the splitter requires amount > 0)Tools Used
VS Code and Remix
Recommended Mitigation Steps
add the
onlyOwner
modifier to these functions