No max for advanceIncentive #190
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Comments
code423n4
added
2 (Med Risk)
0xScotch
added
the
disagree with severity
|
Definitely need to guard against arbitrarily large incentives. Disagree the risk is medium though. |
0xScotch
removed
the
disagree with severity
0xScotch
added
the
sponsor confirmed
|
Agree with the finding, this is an example of admin privilege, where the admin can set a variable which can be used to dilute the token and rug the protocol. Because this is contingent on the admin's action, I believe medium severity to be proper |
|
The simple rationale on the medium severity is that the owner could set the incentive to an exorbitant amount with the goal of minting a lot of tokens for an exit scam |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Handle
gpersoon
Vulnerability details
Impact
The function setAdvanceIncentive of DAO.sol doesn't check for a maximum value of incentive.
If incentivewould be very large, then advanceIncentive would be very large and the function advance() would mint a large amount of malt.
The function setAdvanceIncentive() can only be called by an admin, but a mistake could be made.
Also if an admin would want to do a rug pull, this would be an ideal place to do it.
Proof of Concept
https://github.com/code-423n4/2021-11-malt/blob/d3f6a57ba6694b47389b16d9d0a36a956c5e6a94/src/contracts/DAO.sol#L98-L104
https://github.com/code-423n4/2021-11-malt/blob/d3f6a57ba6694b47389b16d9d0a36a956c5e6a94/src/contracts/DAO.sol#L55-L63
Tools Used
Recommended Mitigation Steps
Check for a reasonable maximum value in advance()
The text was updated successfully, but these errors were encountered: