Prefix - feeRecipient can be set to unavailable address, leading to losing funds with withdrawFees #7

github-actions · 2022-11-15T18:48:26Z

Prefix

low

feeRecipient can be set to unavailable address, leading to losing funds with withdrawFees

Medium- feeRecipient can be set to unavailable address, leading to losing funds with withdrawFees

https://github.com/sherlock-audit/2022-10-rage-trade/blob/main/dn-gmx-vaults/contracts/vaults/DnGmxJuniorVault.sol#L294-L311 .

Owner can set the feeRecipient to unavailable address, e.g. 0 by mistake. The next call to withdrawFees loses all the accumulated fees from contract. Even if the owner quickly recognizes the mistake, malicious actor can frontrun next call to setFeeParams with withdrawFees.

Remediation

Consider setting the feeRecipient in two steps like in following example: OpenZeppelin/openzeppelin-contracts#3620 .

The text was updated successfully, but these errors were encountered:

github-actions bot added the Low label Nov 15, 2022

github-actions bot closed this as completed Nov 15, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Prefix - feeRecipient can be set to unavailable address, leading to losing funds with withdrawFees #7

Prefix - feeRecipient can be set to unavailable address, leading to losing funds with withdrawFees #7

github-actions bot commented Nov 15, 2022

Prefix - feeRecipient can be set to unavailable address, leading to losing funds with withdrawFees #7

Prefix - feeRecipient can be set to unavailable address, leading to losing funds with withdrawFees #7

Comments

github-actions bot commented Nov 15, 2022

feeRecipient can be set to unavailable address, leading to losing funds with withdrawFees

Medium- feeRecipient can be set to unavailable address, leading to losing funds with withdrawFees

Remediation