Centralization Risk: The contract has an owner role that can set fees, which introduces centralization risk. If the owner's account is compromised, the fee could be set to an unfavorable rate within the allowed range.
Vulnerability Detail
@ > function setStableWithdrawFee(uint256 _stableWithdrawFee) public onlyOwner {
// Set fee cap to max 1%.
// This is to avoid fat fingering but if any change is needed, the owner needs to
// upgrade this module.
if (_stableWithdrawFee > 0.01e18) revert FlatcoinErrors.InvalidFee(_stableWithdrawFee);
stableWithdrawFee = _stableWithdrawFee;
Impact
If the owner's account is compromised, the fee could be set to an unfavorable rate within the allowed range.
bareli
medium
Centralization Risk
Summary
Centralization Risk: The contract has an owner role that can set fees, which introduces centralization risk. If the owner's account is compromised, the fee could be set to an unfavorable rate within the allowed range.
Vulnerability Detail
@ > function setStableWithdrawFee(uint256 _stableWithdrawFee) public onlyOwner { // Set fee cap to max 1%. // This is to avoid fat fingering but if any change is needed, the owner needs to // upgrade this module. if (_stableWithdrawFee > 0.01e18) revert FlatcoinErrors.InvalidFee(_stableWithdrawFee);
Impact
If the owner's account is compromised, the fee could be set to an unfavorable rate within the allowed range.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/StableModule.sol#L263
Tool used
Manual Review
Recommendation
use multisig or dao for instead of onlyowner