c4-judge
commented
2 months ago thereksfour marked the issue as satisfactory
Open c4-bot-3 opened 2 months ago
c4-judge
commented
2 months ago thereksfour marked the issue as satisfactory
c4-judge
commented
2 months ago thereksfour marked the issue as confirmed for report
The provided change fully fixes the finding Governance can bypass DAO fee through custom EasyAuction implementation without introducing regressions.
EasyAuctionimplementations are now hardwired in theGnosisTradecontract implementation, which constitutes a good trade-off between:EasyAuctionimplementation can't be updated directly by the governanceGnosisTradeimplementation, which is allowed and safely controlled byversionRegistrywhen setThe change therefore lifts the
EasyAuctionsetting from a lower security that allows Governance to change it freely, to the same level that is given to contract upgrades, and this is consistent with all actions that Governance can take to avoid paying fees.The
EasyAuctionimplementation being used is now one deployed by the sponsor. This contract is identical to the original EasyAuction implementation and no issues were found with it or its deployment parameters.