code-423n4 / 2023-12-ethereumcreditguild-findings


Upgraded Q -> 2 from #808 [1706659279669] #1287

Closed c4-judge closed 5 months ago

c4-judge commented 5 months ago

Judge has assessed an item in Issue #808 as 2 risk. The relevant finding follows:

[L‑02] Anyone can distribute() only 1 wei to extend rebase time to DISTRIBUTION_PERIOD

Consider introducing a PROFIT_DISTRIBUTION role and adding access control on distribute().

Update the visibility of distribute() in ERC20RebaseDistributor:

-   function distribute(uint256 amount) external {
+   function distribute(uint256 amount) public {
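
Review bot: the new signature on the `+` line is `public` but not `virtual`, so the `override` in CreditToken that this visibility change is meant to enable will not compile; Solidity has required `virtual` on any function that is overridden since 0.6. Suggest `function distribute(uint256 amount) public virtual {`.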

Add access control by overriding distribute() in CreditToken:

    function distribute(uint256 amount) public override onlyCoreRole(CoreRoles.PROFIT_DISTRIBUTION) {
        super.distribute(amount);
    }

PROFIT_DISTRIBUTION role should be granted to ProfitManager when deployed.
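
A simplified Python model of the issue and the proposed access control, added here as an illustration (not code from the finding or from the Ethereum Credit Guild contracts). It assumes rewards release linearly and that every distribute() call resets the end of the period to now + DISTRIBUTION_PERIOD; `PERIOD`, `RebaseModel` and `released_after_one_period` are hypothetical names, and the period length is a constructed value.

```python
from dataclasses import dataclass

PERIOD = 30 * 24 * 3600  # constructed value standing in for DISTRIBUTION_PERIOD


@dataclass
class RebaseModel:
    """Toy model (assumption): unreleased rewards vest linearly until `end`."""
    gated: bool = False           # True = distribute() requires the distributor role
    distributor: str = "ProfitManager"
    pending: float = 0.0          # rewards not yet released to rebasing holders
    released: float = 0.0
    last: int = 0                 # time of the last accounting update
    end: int = 0                  # time at which `pending` is fully released

    def _accrue(self, now: int) -> None:
        if self.pending and now > self.last:
            span = self.end - self.last
            share = 1.0 if now >= self.end else (now - self.last) / span
            vested = self.pending * share
            self.pending -= vested
            self.released += vested
        self.last = now

    def distribute(self, caller: str, amount: float, now: int) -> None:
        if self.gated and caller != self.distributor:
            raise PermissionError("caller lacks PROFIT_DISTRIBUTION")
        self._accrue(now)
        self.pending += amount
        self.end = now + PERIOD   # every call restarts the full period


def released_after_one_period(gated: bool, dust_calls: int) -> float:
    """1000 units distributed at t=0, then evenly spaced 1-wei calls by a non-role caller."""
    m = RebaseModel(gated=gated)
    m.distribute("ProfitManager", 1000.0, now=0)
    for i in range(1, dust_calls + 1):
        try:
            m.distribute("stranger", 1e-18, now=i * PERIOD // (dust_calls + 1))
        except PermissionError:
            pass                  # gated: the call reverts and the schedule is unchanged
    m._accrue(PERIOD)
    return m.released
```

In this model, nine dust calls leave about 35% of the original distribution unreleased after one full period, while the role-gated version releases all of it on schedule.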

c4-judge commented 5 months ago

Trumpero marked the issue as duplicate of #966

c4-judge commented 5 months ago

Trumpero marked the issue as partial-50

piken commented 4 months ago

Thanks for upgrading this issue to med!

I would like to know the reason why it was marked as partial-50. I would very much appreciate it if you could reply to this and let me learn some rules from this judging.

Trumpero commented 4 months ago

@piken commented here