code-423n4 / 2024-01-salty-findings

Centralization Risk #993

Closed c4-bot-9 closed 5 months ago

c4-bot-9 commented 5 months ago

Lines of code

https://github.com/code-423n4/2024-01-salty/blob/main/src/price_feed/PriceAggregator.sol#L37

Vulnerability details

Impact

Detailed description of the impact of this finding.

Centralization Risk: The contract relies on the owner to manage price feeds and settings, which introduces a central point of failure. If the owner's account is compromised, the attacker could manipulate the price feeds or settings.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

    @>> function setInitialFeeds( IPriceFeed _priceFeed1, IPriceFeed _priceFeed2, IPriceFeed _priceFeed3 ) public onlyOwner {
        require( address(priceFeed1) == address(0), "setInitialFeeds() can only be called once" );

        priceFeed1 = _priceFeed1;
        priceFeed2 = _priceFeed2;
        priceFeed3 = _priceFeed3;
    }

    @>> function setPriceFeed( uint256 priceFeedNum, IPriceFeed newPriceFeed ) public onlyOwner {
    @>> function changeMaximumPriceFeedPercentDifferenceTimes1000(bool increase) public onlyOwner {

Tools Used

VS Code

Recommended Mitigation Steps

Use multisig

Assessed type

Access Control

c4-judge commented 5 months ago

Picodes marked the issue as unsatisfactory: Out of scope