search

sherlock-audit / 2023-12-flatmoney-judging

9 stars 8 forks source link

bareli - Centralization Risk #228

Closed sherlock-admin2 closed 5 months ago

sherlock-admin2 commented 5 months ago

bareli

medium

Centralization Risk

Summary

Centralization Risk: The contract has an owner role that can set fees, which introduces centralization risk. If the owner's account is compromised, the fee could be set to an unfavorable rate within the allowed range.

Vulnerability Detail

@ > function setStableWithdrawFee(uint256 _stableWithdrawFee) public onlyOwner { // Set fee cap to max 1%. // This is to avoid fat fingering but if any change is needed, the owner needs to // upgrade this module. if (_stableWithdrawFee > 0.01e18) revert FlatcoinErrors.InvalidFee(_stableWithdrawFee);

    stableWithdrawFee = _stableWithdrawFee;

Impact

If the owner's account is compromised, the fee could be set to an unfavorable rate within the allowed range.

Code Snippet

https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/StableModule.sol#L263

Tool used

Manual Review

Recommendation

use multisig or dao for instead of onlyowner

sherlock-admin commented 5 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid

nevillehuang commented 5 months ago

Invalid, admins are trusted entities trusted to set appropriate parameters