Open hats-bug-reporter[bot] opened 1 month ago
Thank you for your submission. Check: https://github.com/hats-finance/Kintsu-0x7d70f9442af3a9a0a734fa6a1b4857f25518e9d2/blob/c9bdc853b18c305de832307b91a9bca0f281f71e/src/vault/lib.rs#L664
The validation is checked, and this will be managed by a governance council.
Github username: @neuraldevx
Twitter username: --
Submission hash (on-chain): 0x3e4b46b95d1480290018263cabe261636184107d201e164e1ebbc755d8d9854f
Severity: low
Description:
The adjust_incentive function does not validate the new_incentive parameter, which could lead to setting an impractically high incentive.
Attack Scenario
A malicious actor with the role_adjust_fee privilege could set the incentive to an extremely high value, leading to excessive rewards and potential depletion of the contract's funds.
Attachments
Revised Code File (Optional)
Recommendation:
Add validation checks to ensure new_incentive is within a reasonable range.
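One way to implement the kind of range check recommended above, as an added example that is not the Kintsu vault's code and not part of the submission. It is a plain-Rust model (no ink! dependency); the basis-point unit, the `MAX_INCENTIVE_BIPS` cap, and the `Vault`, `Error` and `incentive_for` names are assumptions made for illustration.

```rust
// Added illustration: plain Rust model, not the Kintsu vault's implementation.
// BIPS, MAX_INCENTIVE_BIPS, Vault, Error and incentive_for are hypothetical.

pub type AccountId = u32;

pub const BIPS: u16 = 10_000; // 100% expressed in basis points (assumed unit)
pub const MAX_INCENTIVE_BIPS: u16 = 1_000; // assumed upper bound: 10%

#[derive(Debug, PartialEq)]
pub enum Error {
    NotAuthorized,
    IncentiveTooHigh { requested: u16, max: u16 },
}

pub struct Vault {
    pub role_adjust_fee: AccountId, // account holding the fee-adjustment role
    pub incentive: u16,             // current incentive, in basis points
}

impl Vault {
    /// Role check first, then range check; state is written only if both pass.
    pub fn adjust_incentive(&mut self, caller: AccountId, new_incentive: u16) -> Result<(), Error> {
        if caller != self.role_adjust_fee {
            return Err(Error::NotAuthorized);
        }
        if new_incentive > MAX_INCENTIVE_BIPS {
            return Err(Error::IncentiveTooHigh { requested: new_incentive, max: MAX_INCENTIVE_BIPS });
        }
        self.incentive = new_incentive;
        Ok(())
    }

    /// Incentive owed on `amount`; with the cap enforced it is at most 10% of `amount`.
    pub fn incentive_for(&self, amount: u128) -> u128 {
        amount.saturating_mul(self.incentive as u128) / BIPS as u128
    }
}

fn main() {
    let mut vault = Vault { role_adjust_fee: 1, incentive: 50 };
    // Out-of-range value from the privileged role: rejected, stored value untouched.
    println!("{:?}", vault.adjust_incentive(1, u16::MAX));
    // In-range value from the privileged role: accepted.
    println!("{:?}", vault.adjust_incentive(1, MAX_INCENTIVE_BIPS));
    println!("{}", vault.incentive_for(1_000_000));
}
```

With the bound in place, the privileged role can still tune the incentive but cannot push the payout past the cap, which limits the damage from a compromised or misbehaving role holder.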