c4-judge
commented
1 year ago dmvt marked the issue as duplicate of #186
Closed c4-judge closed 1 year ago
c4-judge
commented
1 year ago dmvt marked the issue as duplicate of #186
c4-judge
commented
1 year ago dmvt marked the issue as satisfactory
Judge has assessed an item in Issue #523 as 2 risk. The relevant finding follows:
Title Add function for feeRecipient change in MultiRewardEscrow.sol contract
Links to affected code https://github.com/code-423n4/2023-01-popcorn/blob/d95fc31449c260901811196d617366d6352258cd/src/utils/MultiRewardEscrow.sol#L191
Vulnerability details Impact If account feeRecipient would be compromised, or the protocol owner wants from some other reason to change this address, it must be setter function setFeeRecipient.
Tools Used Manual reviewing
Recommended Mitigation Steps function setFeeRecipient(address _feeRecipient) external onlyOwner { if (_feeRecipient == address(0)) revert ZeroAddress(); feeRecipient = _feeRecipient; }