code-423n4 / 2022-11-paraspace-findings


Upgraded Q -> M from #404 [1674736828553] #521

Closed c4-judge closed 1 year ago

c4-judge commented 1 year ago

Judge has assessed an item in Issue #404 as M risk. The relevant finding follows:

[L‑06] Owner can renounce while system is paused

The contract owner, or a single user holding a role, is not prevented from renouncing the role/ownership while the contract is paused, which would cause any user assets stored in the protocol to be locked indefinitely.

There is 1 instance of this issue:

File: paraspace-core/contracts/misc/NFTFloorOracle.sol

```solidity
183       function setPause(address _asset, bool _flag)
184           external
185           onlyRole(DEFAULT_ADMIN_ROLE)
186       {
187           assetFeederMap[_asset].paused = _flag;
188           emit AssetPaused(_asset, _flag);
189:      }
```

https://github.com/code-423n4/2022-11-paraspace/blob/c6820a279c64a299a783955749fdc977de8f0449/paraspace-core/contracts/misc/NFTFloorOracle.sol#L183-L189

[L‑11] Centralization risks

The admin can set whatever price they wish, causing anyone with NFT collateral to be liquidatable. The admin can also set a WETH address that just steals the funds. These operations should have more checks for market conditions before being allowed.

File: /paraspace-core/contracts/misc/NFTFloorOracle.sol   #1

```solidity
195      function setPrice(address _asset, uint256 _twap)
196          public
197          onlyRole(UPDATER_ROLE)
198          onlyWhenAssetExisted(_asset)
199          whenNotPaused(_asset)
200      {
201          bool dataValidity = false;
202          if (hasRole(DEFAULT_ADMIN_ROLE, msg.sender)) {
203              _finalizePrice(_asset, _twap);
204              return;
205:         }
```

https://github.com/code-423n4/2022-11-paraspace/blob/c6820a279c64a299a783955749fdc977de8f0449/paraspace-core/contracts/misc/NFTFloorOracle.sol#L195-L205

File: /paraspace-core/contracts/protocol/configuration/PoolAddressesProvider.sol   #2

```solidity
235      function setWETH(address newWETH) external override onlyOwner {
236          address oldWETH = _addresses[WETH];
237          _addresses[WETH] = newWETH;
238          emit WETHUpdated(oldWETH, newWETH);
239:     }
```

https://github.com/code-423n4/2022-11-paraspace/blob/c6820a279c64a299a783955749fdc977de8f0449/paraspace-core/contracts/protocol/configuration/PoolAddressesProvider.sol#L235-L239
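One way the two findings above could be mitigated in a role-based oracle, as an added illustrative sketch that is not ParaSpace's code or a proposed patch to it: role renunciation is refused while any asset is paused (L-06), and a non-admin price update is bounded relative to the last accepted value (L-11). The contract name, the `pausedAssetCount` counter, the `FeederData` struct and the 20% bound are assumptions; it builds on OpenZeppelin's `AccessControl`, whose `renounceRole` is overridable.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/access/AccessControl.sol";

/// Illustrative hardening sketch (not ParaSpace code).
contract GuardedFloorOracle is AccessControl {
    bytes32 public constant UPDATER_ROLE = keccak256("UPDATER_ROLE");
    uint256 public constant MAX_DEVIATION_BPS = 2_000; // 20%, assumed bound

    struct FeederData { bool paused; uint256 twap; }
    mapping(address => FeederData) public assetFeederMap;
    uint256 public pausedAssetCount; // assets currently paused

    event AssetPaused(address indexed asset, bool flag);
    event PriceUpdated(address indexed asset, uint256 twap);

    constructor() { _grantRole(DEFAULT_ADMIN_ROLE, msg.sender); }

    function setPause(address asset, bool flag) external onlyRole(DEFAULT_ADMIN_ROLE) {
        FeederData storage f = assetFeederMap[asset];
        if (f.paused != flag) {
            f.paused = flag;
            if (flag) pausedAssetCount += 1; else pausedAssetCount -= 1;
        }
        emit AssetPaused(asset, flag);
    }

    /// L-06 mitigation: nobody can give up a role while the system is paused,
    /// so a paused state always leaves someone able to unpause it.
    function renounceRole(bytes32 role, address account) public virtual override {
        require(pausedAssetCount == 0, "cannot renounce while paused");
        super.renounceRole(role, account);
    }

    /// L-11 mitigation: bound how far one update may move the price from the
    /// last accepted value (the very first price for an asset is unbounded).
    function setPrice(address asset, uint256 twap) external onlyRole(UPDATER_ROLE) {
        FeederData storage f = assetFeederMap[asset];
        require(!f.paused, "asset paused");
        uint256 prev = f.twap;
        if (prev != 0) {
            uint256 diff = twap > prev ? twap - prev : prev - twap;
            require(diff * 10_000 <= prev * MAX_DEVIATION_BPS, "deviation too large");
        }
        f.twap = twap;
        emit PriceUpdated(asset, twap);
    }
}
```

The admin fast path of the original `setPrice` (immediate finalization for `DEFAULT_ADMIN_ROLE`) is deliberately not reproduced here, since it is the bypass the finding objects to.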

c4-judge commented 1 year ago

dmvt marked the issue as duplicate of #54

c4-judge commented 1 year ago

dmvt marked the issue as satisfactory