code-423n4 / 2022-06-nested-findings

NestedFactory: Manipulations of setExitFees and setEntryFees #26

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/NestedFactory.sol#L159-L172

Vulnerability details

Impact

Managers can raise entryFees and exitFees to 100% through emergency proposals, which will frontrun the user's entry or exit process.

Proof of Concept

https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/governance/TimelockControllerEmergency.sol#L295-L301

https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/NestedFactory.sol#L159-L172

Tools Used

None

Recommended Mitigation Steps

Consider adding a limit to exitFees and entryFees in the setExitFees and setEntryFees functions.

obatirou commented 2 years ago

Disputed

It's about warden appreciation of our ownership architecture versus ours. We can imagine many other malicious scenarios, assuming that the Multisig/Timelock/OwnerProxy combination is not enough to prevent the protocol from being compromised.