Lines of code
https://github.com/code-423n4/2024-01-salty/blob/main/src/price_feed/PriceAggregator.sol#L37
Vulnerability details
Impact
Centralization Risk: The contract relies on the owner to manage price feeds and settings, which introduces a central point of failure. If the owner's account is compromised, the attacker could manipulate the price feeds or settings.
Proof of Concept
@>> function setInitialFeeds( IPriceFeed _priceFeed1, IPriceFeed _priceFeed2, IPriceFeed _priceFeed3 ) public onlyOwner
{
require( address(priceFeed1) == address(0), "setInitialFeeds() can only be called once" );
@>> function setPriceFeed( uint256 priceFeedNum, IPriceFeed newPriceFeed ) public onlyOwner {
@>> function changeMaximumPriceFeedPercentDifferenceTimes1000(bool increase) public onlyOwner {
Tools Used
VS Code
Recommended Mitigation Steps
Use a multisig.
Assessed type
Access Control
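To make the multisig recommendation concrete, here is an added sketch (not code from the audited repository or from the submitter) of an M-of-N gate that would hold ownership of the aggregator, so that no single key can call `setPriceFeed`. The names `FeedChangeGate` and `IPriceAggregatorAdmin` are hypothetical, and the sketch assumes the aggregator's owner has been set to the gate. It covers only `setPriceFeed`; in practice an audited multisig wallet would fill this role.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Signature taken from the finding; `address` stands in for IPriceFeed (identical ABI encoding).
interface IPriceAggregatorAdmin {
    function setPriceFeed(uint256 priceFeedNum, address newPriceFeed) external;
}

// Hypothetical M-of-N gate intended to be the aggregator's owner.
contract FeedChangeGate {
    IPriceAggregatorAdmin public immutable aggregator;
    uint256 public immutable threshold;
    mapping(address => bool) public isSigner;
    mapping(bytes32 => mapping(address => bool)) public approvedBy;
    mapping(bytes32 => uint256) public approvals;
    mapping(bytes32 => bool) public executed;

    event Approved(bytes32 indexed id, address indexed signer);
    event Executed(bytes32 indexed id, uint256 priceFeedNum, address newPriceFeed);

    constructor(IPriceAggregatorAdmin _aggregator, address[] memory signers, uint256 _threshold) {
        // A threshold of 1 would recreate the single-key risk described in the finding.
        require(_threshold > 1 && _threshold <= signers.length, "bad threshold");
        for (uint256 i = 0; i < signers.length; i++) {
            require(signers[i] != address(0) && !isSigner[signers[i]], "bad signer");
            isSigner[signers[i]] = true;
        }
        aggregator = _aggregator;
        threshold = _threshold;
    }

    // Signers approve one exact (slot, feed, nonce) tuple; the nonce lets the same change be proposed again later.
    function approve(uint256 priceFeedNum, address newPriceFeed, uint256 nonce) external {
        require(isSigner[msg.sender], "not a signer");
        bytes32 id = keccak256(abi.encode(priceFeedNum, newPriceFeed, nonce));
        require(!executed[id], "already executed");
        require(!approvedBy[id][msg.sender], "already approved");
        approvedBy[id][msg.sender] = true;
        emit Approved(id, msg.sender);
        if (++approvals[id] >= threshold) {
            executed[id] = true; // mark before the external call so it cannot run twice
            aggregator.setPriceFeed(priceFeedNum, newPriceFeed);
            emit Executed(id, priceFeedNum, newPriceFeed);
        }
    }
}
```

The `Approved` and `Executed` events give monitoring a record of who authorised each feed change, which a single-owner call does not provide.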