Closed c4-judge closed 1 year ago
GalloDaSballo marked the issue as duplicate of #13
Example of a finding without coded POC that is worth 100% even after being upgraded from QA
Ultimately the issue is simple (accounting error), and just a few lines are sufficient to explain it
GalloDaSballo marked the issue as satisfactory
Judge has assessed an item in Issue #19 as 2 risk. The relevant finding follows:
KFC-03L: Inexistent Duplicate Entry Prevention (Affected Lines: L175-L180) The KUMAFeeCollector::changePayees function does not adequately sanitize the new payees, permitting duplicate entries to exist which will cause the contract to significantly misbehave as it would track the _totalShares incorrectly, and perform two payouts with the latest newShares[i] value. We advise the code to add a new if conditional which causes the code to fail if _payees.contains(newPayees[i]) evaluates to true.