Closed code423n4 closed 2 years ago
How does this benefit the beneficiary to stop receiving funds? Mitigation doesn't make sense; how would access control prevent the beneficiary from doing this through a different address?
Creator doesn't have incentive. Marking invalid.
Lines of code
https://github.com/code-423n4/2022-05-factorydao/blob/db415804c06143d8af6880bc4cda7222e5463c0e/contracts/SpeedBumpPriceGate.sol#L65
Vulnerability details
Impact
SpeedBumpPriceGate.sol is callable by anyone, so the beneficiary can hike the price by calling it with his own ETH (which will be returned to him) or by making a flash loan to raise the price high enough that the gate is effectively closed indefinitely.
Recommended Mitigation Steps
Add access control to the gate or at least document that the beneficiary has this power.