Closed code423n4 closed 2 years ago
The admin of the protocol is Timelock, as such, any method call/arguments must be validated through cosmos-sdk governance.
Worst case scenario would require a re-deploy. In lack of any additional detail am downgrading to QA
Lines of code
https://github.com/Plex-Engineer/lending-market-v2/blob/443a8c0fed3c5018e95f3881a31b81a555c42b2d/contracts/Accountant/AccountantDelegate.sol#L17
Vulnerability details
Impact
Detailed description of the impact of this finding.
admin may rug the project intentionallly or unintentionally if he set the wrong address.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
the admin need to init treasury, conteaAddress, nodeAddress, comptrollerAddress.
Tools Used
VIM
Recommended Mitigation Steps