Open code423n4 opened 2 years ago
It's about warden appreciation of our ownership architecture versus ours. We can imagine many other malicious scenarios, assuming that the Multisig/Timelock/OwnerProxy combination is not enough to prevent the protocol from being compromised.
Lines of code
https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/NestedFactory.sol#L159-L172
Vulnerability details
Impact
Managers can raise entryFees and exitFees to 100% through emergency proposals, which will frontrun the user's entry or exit process.
Proof of Concept
https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/governance/TimelockControllerEmergency.sol#L295-L301
https://github.com/code-423n4/2022-06-nested/blob/b4a153c943d54755711a2f7b80cbbf3a5bb49d76/contracts/NestedFactory.sol#L159-L172
Tools Used
None
Recommended Mitigation Steps
Consider adding a limit to exitFees and entryFees in the setExitFees and setEntryFees functions.
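One way to implement the recommended limit, as an added example that is not the project's code and not part of the original report. It assumes fees are expressed in basis points; the contract name, `BPS`, `MAX_FEE_BPS` (a 1% cap chosen for illustration), the custom errors, the events and `exitFeeOn` are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.14;

/// Added illustration only, not NestedFactory. Every name except entryFees,
/// exitFees, setEntryFees and setExitFees is hypothetical.
contract CappedFees {
    uint256 public constant BPS = 10_000;      // 100% in basis points (assumed unit)
    uint256 public constant MAX_FEE_BPS = 100; // assumed hard cap: 1%

    address public immutable owner;
    uint256 public entryFees;
    uint256 public exitFees;

    event EntryFeesUpdated(uint256 fees);
    event ExitFeesUpdated(uint256 fees);

    error NotOwner();
    error FeeAboveCap(uint256 requested, uint256 cap);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    /// Reverts above the cap, so even an emergency proposal executed
    /// immediately cannot move the fee past MAX_FEE_BPS.
    function setEntryFees(uint256 _entryFees) external onlyOwner {
        if (_entryFees > MAX_FEE_BPS) revert FeeAboveCap(_entryFees, MAX_FEE_BPS);
        entryFees = _entryFees;
        emit EntryFeesUpdated(_entryFees);
    }

    function setExitFees(uint256 _exitFees) external onlyOwner {
        if (_exitFees > MAX_FEE_BPS) revert FeeAboveCap(_exitFees, MAX_FEE_BPS);
        exitFees = _exitFees;
        emit ExitFeesUpdated(_exitFees);
    }

    /// Worst case for a user: amount * MAX_FEE_BPS / BPS, whatever the owner sets.
    function exitFeeOn(uint256 amount) external view returns (uint256) {
        return (amount * exitFees) / BPS;
    }
}
```

Because the cap is a compile-time constant, changing it requires deploying new code rather than an owner call, which is what bounds the loss from a fee change that lands just before a user's transaction.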