code-423n4 / 2022-09-frax-findings


Function moveWithheldETH can send currentWithheldETH to an arbitrary address #289

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-09-frax/blob/55ea6b1ef3857a277e2f47d42029bc0f3d6f9173/src/frxETHMinter.sol#L166

Vulnerability details

Impact

Entire currentWithheldETH amount can be sent to an arbitrary address; a malicious owner or an attacker who gains ownership could set the address "to" and users' funds could be stolen or rug pulled.

Tools Used

Visual Studio review

Recommended Mitigation Steps

"To" address should be proposed or whitelisted and then approved by means of a timelock contract.
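
A sketch of the propose-then-execute pattern recommended above, added here as an illustration; it is not part of the original report or the Frax code base. The contract name, the two-day delay, and every identifier other than moveWithheldETH and currentWithheldETH are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative only: all names except moveWithheldETH and
// currentWithheldETH are hypothetical, as is the 2-day delay.
contract WithheldETHTimelockSketch {
    address public owner;
    uint256 public currentWithheldETH;
    uint256 public constant DELAY = 2 days;

    struct Proposal { address payable to; uint256 amount; uint256 eta; }
    Proposal public pending;

    event MoveProposed(address indexed to, uint256 amount, uint256 eta);
    event WithheldETHMoved(address indexed to, uint256 amount);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() { owner = msg.sender; }

    // Stand-in for the minter's withholding logic so the sketch holds a balance.
    receive() external payable { currentWithheldETH += msg.value; }

    // Step 1: announce recipient and amount on-chain; no ETH moves yet.
    function proposeMoveWithheldETH(address payable to, uint256 amount) external onlyOwner {
        require(to != address(0), "zero address");
        require(amount <= currentWithheldETH, "not enough withheld ETH");
        pending = Proposal(to, amount, block.timestamp + DELAY);
        emit MoveProposed(to, amount, pending.eta);
    }

    // The owner can withdraw a proposal during the delay window.
    function cancelMove() external onlyOwner { delete pending; }

    // Step 2: callable only after the delay, and only for the announced recipient.
    function moveWithheldETH() external onlyOwner {
        Proposal memory p = pending;
        require(p.eta != 0 && block.timestamp >= p.eta, "timelock not elapsed");
        require(p.amount <= currentWithheldETH, "not enough withheld ETH");
        delete pending; // clear state before the external call
        currentWithheldETH -= p.amount;
        (bool ok, ) = p.to.call{value: p.amount}("");
        require(ok, "transfer failed");
        emit WithheldETHMoved(p.to, p.amount);
    }
}
```

The MoveProposed event gives users and monitoring tools the full delay window to see the recipient before any ETH leaves the contract.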

FortisFortuna commented 2 years ago

We are well aware of the permission structure. The owner will most likely be a large multisig. We mentioned the Frax Multisig in the scope too.

joestakey commented 2 years ago

Duplicate of #107