c4-judge
commented
1 year ago berndartmueller marked the issue as unsatisfactory: Insufficient quality
Closed code423n4 closed 1 year ago
c4-judge
commented
1 year ago berndartmueller marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/code-423n4/2023-01-numoen/blob/2ad9a73d793ea23a25a381faadc86ae0c8cb5913/src/core/Factory.sol#L18
Vulnerability details
Impact
Detailed description of the impact of this finding.
There is no check for the value of upperBound to ensure that it is not set to an unreasonable value. There is no access control mechanism to limit who can call the createLendgine function.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
To demonstrate the medium level vulnerability, a simple test case can be created where upperBound is set to a very large value and verify that the contract does not fail.