code-423n4 / 2022-09-y2k-finance-findings


Admin can prevent deposits by manipulating timewindow #473

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Vault.sol#L287-L289

Vulnerability details

Impact

The protocol is open to an administrator's maliciousness.

Proof of Concept

As we can see in this line, the contracts in this project have some sanity checks even for admin-only calls.

However, the administrator is free to change a hedge/risk pair timewindow whenever he wants in VaultFactory.sol. This allows him to manipulate when deposits can be done due to this modifier, as long as the period is lower than the epoch begin. An admin could either re-open deposits by lowering the timewindow (which I assume is done by design) or block deposits altogether by increasing the timewindow to at least block.timestamp - idEpochBegin[id].

Tools Used

Code reading

Recommended Mitigation Steps

Add a custom error to revert the code if the timewindow is too large

```solidity
error TimewindowTooLarge();

...

if (_timewindow <= block.timestamp)
    revert TimewindowTooLarge();
```

HickupHH3 commented 1 year ago

dup #60
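
As an added illustration of the mitigation discussed in this finding (not code from the Y2K repository or from the submitter): a minimal Solidity sketch in which the timewindow is capped and each epoch's deposit deadline is fixed when the epoch is created, so a later admin change cannot close deposits for an epoch that is already open. The contract, its function names and the `MAX_TIMEWINDOW` value are assumptions, and fixing the deadline per epoch goes beyond the recommendation in the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;
// Added illustration; not code from the Y2K repository. All names are hypothetical.
contract TimewindowGateExample {
    error EpochAlreadyStarted();
    error TimewindowTooLarge();
    error NotAdmin();
    error EpochExists();
    // Assumed upper bound for the deposit cut-off period; choose per deployment.
    uint256 public constant MAX_TIMEWINDOW = 7 days;

    address public immutable admin;
    uint256 public timewindow;
    // Deposit deadline fixed when the epoch is created, so a later
    // timewindow change cannot close (or reopen) an existing epoch.
    mapping(uint256 => uint256) public depositDeadline;
    mapping(uint256 => uint256) public deposits;

    constructor(uint256 _timewindow) {
        if (_timewindow > MAX_TIMEWINDOW) revert TimewindowTooLarge();
        admin = msg.sender;
        timewindow = _timewindow;
    }

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    // Unknown ids have a deadline of 0, so deposits to them also revert.
    modifier epochHasNotStarted(uint256 id) {
        if (block.timestamp > depositDeadline[id]) revert EpochAlreadyStarted();
        _;
    }

    function createEpoch(uint256 id, uint256 epochBegin) external onlyAdmin {
        if (depositDeadline[id] != 0) revert EpochExists();
        // Checked arithmetic reverts if epochBegin < timewindow.
        depositDeadline[id] = epochBegin - timewindow;
    }

    function changeTimewindow(uint256 _timewindow) external onlyAdmin {
        if (_timewindow > MAX_TIMEWINDOW) revert TimewindowTooLarge();
        timewindow = _timewindow; // applies only to epochs created afterwards
    }

    function deposit(uint256 id) external payable epochHasNotStarted(id) {
        deposits[id] += msg.value;
    }
}
```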