zlsecure3 / review_Aark


onlyManager granted too many permissions to `Vault::cumulateProtocolFee` function #11

Open zlsecure3 opened 1 year ago

zlsecure3 commented 1 year ago

subject

onlyManager granted too many permissions to Vault::cumulateProtocolFee function

description

Vault::cumulateProtocolFee is in fact only called by FuturesManager and LpManager, never by InsuranceManager, but onlyManager also grants permission to InsuranceManager, which is not necessary, and may be leveraged in the future.

recommendation

Make the permission more accurate, for example, change it to onlyManager(bool includingInsuranceManager) and grant permissions accordingly.

locations

severity

Low

damage

exploitability

category

Code Style


system_generated: auditor:alansh submission_id:1761642299
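
A sketch of the parameterized modifier the recommendation describes, added here as an illustration; it is not the audited Vault contract or code from the project. The contract name `VaultSketch`, the three manager address fields, the constructor, the `protocolFee` bookkeeping, the `NotAuthorized` error and `sharedManagerAction` are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited contract. State layout, constructor,
// error type and the second function are assumed for the example.
contract VaultSketch {
    address public immutable futuresManager;
    address public immutable lpManager;
    address public immutable insuranceManager;

    // token => accumulated protocol fee (assumed bookkeeping)
    mapping(address => uint256) public protocolFee;

    error NotAuthorized(address caller);

    constructor(address futures_, address lp_, address insurance_) {
        futuresManager = futures_;
        lpManager = lp_;
        insuranceManager = insurance_;
    }

    // Parameterized form from the recommendation: InsuranceManager is
    // accepted only where a function explicitly opts in.
    modifier onlyManager(bool includingInsuranceManager) {
        bool allowed = msg.sender == futuresManager ||
            msg.sender == lpManager ||
            (includingInsuranceManager && msg.sender == insuranceManager);
        if (!allowed) revert NotAuthorized(msg.sender);
        _;
    }

    // Per the finding, only FuturesManager and LpManager call this, so
    // InsuranceManager is excluded from the allowed callers.
    function cumulateProtocolFee(address token, uint256 amount)
        external
        onlyManager(false)
    {
        protocolFee[token] += amount;
    }

    // Hypothetical function that all three managers are meant to call.
    function sharedManagerAction() external onlyManager(true) {}
}
```

With this shape, each function's declaration states whether InsuranceManager is among its callers, so a later change that widens access shows up as a one-word diff at the call site.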

zlsecure3 commented 1 year ago

grading (edit)


submission_id:1761642299


review_type:GRADING


result: TBD-yes,no


rating: TBD-123


comment: TBD-Rejected,Accepted by Secure3.


severity: TBD-Critical,Medium,Low,Informational


category:


description:


zlsecure3 commented 1 year ago

client feedback (manual copy)


submission_id:1761642299


review_type:CLIENT_FEEDBACK


result: TBD-yes,no


severity: TBD-Critical,Medium,Low,Informational


comment:


zlsecure3 commented 1 year ago

client feedback decision(edit)


submission_id:1761642299


review_type:CLIENT_FEEDBACK_DECISION


result: TBD-yes,no,yes-honored,no-honored


severity: TBD-Critical,Medium,Low,Informational


comment: