code-423n4 / 2022-03-volt-findings


The problem of incompatible governor and Guardian in minting and redeeming #103

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-03-volt/blob/f1210bf3151095e4d371c9e9d7682d9031860bbd/contracts/peg/NonCustodialPSM.sol#L130

Vulnerability details

Impact

Mint and redeem are important issues, and the two roles of "governor" and "guardian" have simultaneous access to run these functions (by the "onlyGuardianOrGovernor" modifier). When there is a discrepancy or inconsistency between these two roles, the proper functioning of these functions is disturbed. Risk severity: Medium

Recommended Mitigation Steps:

Use other logic instead of onlyGuardianOrGovernor in the modifier, for example eliminate one role or use AND instead of OR in the modifier.
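As an added illustration (hypothetical code, not Volt's NonCustodialPSM or its Core contract), the following contract places the OR-style modifier the finding describes next to a two-step guardian-proposes/governor-confirms flow, which is the only workable form an "AND" requirement can take, since one call has exactly one msg.sender; the role storage, function names and the mint stub are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical illustration; roles are plain addresses here, whereas the
// real protocol resolves them through a separate Core contract.
contract PausableMintRedeem {
    address public governor;
    address public guardian;
    bool public paused;
    bool public pausePendingByGuardian; // used by the two-step variant

    constructor(address _governor, address _guardian) {
        governor = _governor;
        guardian = _guardian;
    }

    // OR logic, as in the finding: either role alone may act, so neither
    // role can block the other. The trade-off is that a single key can
    // halt mint/redeem by itself.
    modifier onlyGuardianOrGovernor() {
        require(msg.sender == governor || msg.sender == guardian, "not guardian or governor");
        _;
    }

    function pause() external onlyGuardianOrGovernor { paused = true; }
    function unpause() external onlyGuardianOrGovernor { paused = false; }

    // A literal "msg.sender == governor && msg.sender == guardian" can never
    // be satisfied. An AND requirement means two transactions: the guardian
    // proposes and the governor confirms. This resists a single compromised
    // key but removes the instant reaction a lone guardian provides.
    function proposePause() external {
        require(msg.sender == guardian, "not guardian");
        pausePendingByGuardian = true;
    }

    function confirmPause() external {
        require(msg.sender == governor, "not governor");
        require(pausePendingByGuardian, "nothing proposed");
        pausePendingByGuardian = false;
        paused = true;
    }

    // Stub standing in for the real mint path; only the pause gate matters here.
    function mint(uint256 amount) external view returns (uint256) {
        require(!paused, "paused");
        return amount;
    }
}
```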

ElliotFriedman commented 2 years ago

Governor and guardian are the same group of incentive aligned users, and will not disagree on when things need to be paused. Additionally, the governor will be behind a timelock, so the governor will take days to act while the guardian can move instantaneously.