This repository has been archived by the owner on May 26, 2023. It is now read-only.
Prefix
low
feeRecipient can be set to unavailable address, leading to losing funds with withdrawFees
Medium- feeRecipient can be set to unavailable address, leading to losing funds with withdrawFees
https://github.com/sherlock-audit/2022-10-rage-trade/blob/main/dn-gmx-vaults/contracts/vaults/DnGmxJuniorVault.sol#L294-L311
The owner can set the feeRecipient to an unavailable address, e.g. 0, by mistake. The next call to withdrawFees loses all the accumulated fees from the contract. Even if the owner quickly recognizes the mistake, a malicious actor can frontrun the next call to setFeeParams with withdrawFees.

Remediation
Consider setting the feeRecipient in two steps, as in the following example: OpenZeppelin/openzeppelin-contracts#3620.
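
A sketch of the two-step update the remediation describes, added here as an illustration and not taken from DnGmxJuniorVault or from the OpenZeppelin change referenced above. Apart from feeRecipient and withdrawFees, every name is hypothetical, and the payout is simplified to the contract's ETH balance and assumed to be callable by anyone.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added illustration; not the audited vault's code. Names other than
// feeRecipient and withdrawFees are hypothetical.
contract TwoStepFeeRecipient {
    address public owner;
    address public feeRecipient;
    address public pendingFeeRecipient;

    event FeeRecipientProposed(address indexed candidate);
    event FeeRecipientUpdated(address indexed previous, address indexed current);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address initialRecipient) {
        require(initialRecipient != address(0), "zero recipient");
        owner = msg.sender;
        feeRecipient = initialRecipient;
    }

    // Step 1: the owner only nominates. feeRecipient is unchanged, so a wrong
    // address here cannot receive fees and can simply be overwritten.
    function proposeFeeRecipient(address candidate) external onlyOwner {
        pendingFeeRecipient = candidate;
        emit FeeRecipientProposed(candidate);
    }

    // Step 2: the nominee confirms from the new address, proving that someone
    // controls it. address(0) or a mistyped address can never pass this check.
    function acceptFeeRecipient() external {
        require(msg.sender == pendingFeeRecipient, "not pending recipient");
        emit FeeRecipientUpdated(feeRecipient, msg.sender);
        feeRecipient = msg.sender;
        delete pendingFeeRecipient;
    }

    // Simplified stand-in for the fee payout (assumption: anyone may call it).
    function withdrawFees() external {
        (bool ok, ) = feeRecipient.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }

    receive() external payable {}
}
```

Because withdrawFees always pays the last confirmed recipient, a call that lands between the proposal and the acceptance still sends fees to an address known to be controlled.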