Closed code423n4 closed 2 years ago
https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L130
If there's any operation error that set gov wrong will lead to severe, unrecoverable damage for the protocol
gov
Manual
2 step procedure: register gov as pending and a transaction from gov to confirm pending gov to be gov. Perhaps combine with some kind of Timelock will make it more robust
pending
pending gov
Timelock
Withdrawn by cylzxje
code423n4
commented
2 years ago
Lines of code
https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L130
Vulnerability details
Impact
If there's any operation error that set
govwrong will lead to severe, unrecoverable damage for the protocolProof of Concept
https://github.com/code-423n4/2022-10-inverse/blob/main/src/Market.sol#L130
Tools Used
Manual
Recommended Mitigation Steps
2 step procedure: register
govaspendingand a transaction fromgovto confirmpending govto be gov. Perhaps combine with some kind ofTimelockwill make it more robust