sherlock-audit / 2024-01-telcoin-judging


bareli - lock funds indefinitely or make challenging impractical due to challengePeriod. #54

Closed sherlock-admin closed 9 months ago

sherlock-admin commented 9 months ago

bareli

medium

lock funds indefinitely or make challenging impractical due to challengePeriod.

Summary

The challengePeriod is set during construction and can be updated by the owner, but there is no check to prevent setting it to an unreasonably high or low value, which could either lock funds indefinitely or make challenging impractical.

Vulnerability Detail

function setChallengePeriod(uint256 newPeriod) public onlyOwner {
    //update period
    challengePeriod = newPeriod;
    // Emitting an event for new period
    emit ChallengePeriodUpdated(challengePeriod);
}

Impact

There is no check to prevent setting it to an unreasonably high or low value, which could either lock funds indefinitely or make challenging impractical.

Code Snippet

https://github.com/sherlock-audit/2024-01-telcoin/blob/main/telcoin-audit/contracts/protocol/core/TelcoinDistributor.sol#L210

Tool used

Manual Review

Recommendation

Duplicate of #7
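
A bounded form of the setter quoted in the finding, as an added example that is not part of the issue thread or the Telcoin code base. The MIN/MAX constants and their values, the seconds unit, the custom errors and the simplified owner check are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the TelcoinDistributor source. Ownership is reduced
// to a single address so the file compiles without imports.
contract BoundedChallengePeriod {
    // Hypothetical bounds; the unit (seconds) is an assumption of this sketch.
    uint256 public constant MIN_CHALLENGE_PERIOD = 1 hours;
    uint256 public constant MAX_CHALLENGE_PERIOD = 30 days;

    address public immutable owner;
    uint256 public challengePeriod;

    event ChallengePeriodUpdated(uint256 newPeriod);

    error NotOwner();
    error ChallengePeriodOutOfRange(uint256 requested, uint256 min, uint256 max);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(uint256 initialPeriod) {
        owner = msg.sender;
        // The constructor goes through the same range check as the setter.
        _setChallengePeriod(initialPeriod);
    }

    function setChallengePeriod(uint256 newPeriod) public onlyOwner {
        _setChallengePeriod(newPeriod);
    }

    function _setChallengePeriod(uint256 newPeriod) private {
        // Reject values that are too short to challenge in or too long to wait out.
        if (newPeriod < MIN_CHALLENGE_PERIOD || newPeriod > MAX_CHALLENGE_PERIOD) {
            revert ChallengePeriodOutOfRange(newPeriod, MIN_CHALLENGE_PERIOD, MAX_CHALLENGE_PERIOD);
        }
        challengePeriod = newPeriod;
        emit ChallengePeriodUpdated(newPeriod);
    }
}
```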

sherlock-admin2 commented 9 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

invalid because { This is invalid because the constructor is admin controlled which will make sure everything is in place}