sherlock-audit / 2024-01-telcoin-judging

kgothatso - `TelcoinDistributor :: proposeTransaction` Council Member can steal all funds #252

Closed sherlock-admin2 closed 5 months ago

sherlock-admin2 commented 5 months ago

kgothatso

high

TelcoinDistributor :: proposeTransaction Council Member can steal all funds

Summary

Member can propose a transaction and approve it.

Vulnerability Detail

Impact

Loss of all funds.

Code Snippet

https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L87

https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L143

Tool used

Manual Review

Recommendation

Another person must approve the proposal.

nevillehuang commented 5 months ago

Invalid, insufficient proof, almost no details on impact and finding