Open code423n4 opened 2 years ago
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/staking/InfinityStaker.sol#L364-L372
In the function updatePenalties#InfinityExchange.sol:

    function updatePenalties(
        uint16 threeMonthPenalty,
        uint16 sixMonthPenalty,
        uint16 twelveMonthPenalty
    ) external onlyOwner {
        THREE_MONTH_PENALTY = threeMonthPenalty;
        SIX_MONTH_PENALTY = sixMonthPenalty;
        TWELVE_MONTH_PENALTY = twelveMonthPenalty;
    }
There are no limits, and since this is a critical function, the lack of event emission is crucial, as users need to be aware of the penalties at the time they call rageQuit.
Add a reasonable maximum for penalties and emit an event.
Duplicate
Fair consideration. Lowering risk and converting this into a QA report for the warden.
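One way to apply the recommendation in this report (bound the penalty values and emit an event), written as an added example that is not part of the original report or of the Infinity code base. MAX_PENALTY and its value, the PenaltiesUpdated event, the custom errors and the inline owner check are hypothetical stand-ins; the real cap has to be chosen from how the contract applies the penalty values in rageQuit.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added example, not the project's code. MAX_PENALTY, PenaltiesUpdated,
// PenaltyTooHigh and the inline owner check are hypothetical stand-ins.
contract BoundedPenalties {
    // Placeholder cap: derive the real value from how rageQuit uses the penalties.
    uint16 public constant MAX_PENALTY = 10;

    address public immutable owner;
    uint16 public THREE_MONTH_PENALTY;
    uint16 public SIX_MONTH_PENALTY;
    uint16 public TWELVE_MONTH_PENALTY;

    // Emitted on every change so stakers and off-chain monitors can see the
    // values in force before rageQuit is called.
    event PenaltiesUpdated(uint16 threeMonthPenalty, uint16 sixMonthPenalty, uint16 twelveMonthPenalty);

    error NotOwner();
    error PenaltyTooHigh(uint16 value, uint16 max);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    function updatePenalties(
        uint16 threeMonthPenalty,
        uint16 sixMonthPenalty,
        uint16 twelveMonthPenalty
    ) external onlyOwner {
        // Reject the whole update if any value exceeds the cap.
        _checkBound(threeMonthPenalty);
        _checkBound(sixMonthPenalty);
        _checkBound(twelveMonthPenalty);

        THREE_MONTH_PENALTY = threeMonthPenalty;
        SIX_MONTH_PENALTY = sixMonthPenalty;
        TWELVE_MONTH_PENALTY = twelveMonthPenalty;

        emit PenaltiesUpdated(threeMonthPenalty, sixMonthPenalty, twelveMonthPenalty);
    }

    function _checkBound(uint16 value) private pure {
        if (value > MAX_PENALTY) revert PenaltyTooHigh(value, MAX_PENALTY);
    }
}
```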