Upgraded Q -> M from #334 [1668467418003]

[c4-judge]

Judge has assessed an item in Issue #334 as M risk. The relevant finding follows:

2. Rug vectors by the owner A malicious owner can call setLBPairImplementation(), setFeeRecipient(), setFlashLoanFee() , setFeesParameters() and forceDecay() to advantage himself at expenses of the users.

setLBPairImplementation(): can be used to silently frontun a pair creation by swapping the implementation with a malicious one and stealing potentially any deposit. setFeeRecipient(): can be used to steal all of the protocol fees not yet collected. setFlashLoanFee(): can be used to frontrun a flashloan by increasing the fee, if the flashloan returns the fee based on the callback parameters. setFeesParameters(): can set the protocol fee to the max 25% and gets the funds for himself in combination with setFeeRecipient(). forceDecay(): can be used to advantage himself in trades. As a mitigation add a timelock and make sure the owner is a multisig and not an EOA.

[c4-judge]

GalloDaSballo marked the issue as duplicate of #139

[Simon-Busch]

Marked this issue as Satisfactory as requested by @GalloDaSballo