Open code423n4 opened 1 year ago
Good report with a good signal
JustDravee marked the issue as grade-a
Hi @JustDravee,
I noticed your note about communicating with the sponsor regarding [03] ALLOWING ShortCollateral.refresh FUNCTION TO BE CALLABLE BY ANYONE CAN BE DANGEROUS. I wonder if this has been communicated and which risk level this issue is associated with. Should this issue be considered as a low risk or a medium risk?
Thanks again for your time and work!
Medium severity for [03] seems fair. To quote the sponsor:
We only meant refresh to be called once to propagate the addresses, but this could be dangerous in a situation where the warden explained. It is unlikely that any of these addresses change as all Synthetix contracts under proxies 103 & 105 are DoS attacks though. Even though you can request the services of withdraw, it'll never get executed after the attack.
JustDravee marked the issue as selected for report
See the markdown file with the details of this report here.