Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

CodingNameKiki - CHANGE_COLLATERAL_DELAY contains a wrong number. #1

Closed
github-actions bot opened this issue Dec 11, 2022 · 0 comments
Closed

CodingNameKiki - CHANGE_COLLATERAL_DELAY contains a wrong number. #1

github-actions bot opened this issue Dec 11, 2022 · 0 comments
Labels
Duplicate Medium Reward

Comments

@github-actions
Copy link

github-actions bot commented Dec 11, 2022
edited
Loading

CodingNameKiki

medium

CHANGE_COLLATERAL_DELAY contains a wrong number.

Summary

CHANGE_COLLATERAL_DELAY contains a wrong number.

Vulnerability Detail

As you can see by the comment next to it, CHANGE_COLLATERAL_DELAY is supposed to be 2 days.
But as how it is right now the delay will be only 200 seconds.
https://github.com/sherlock-audit/2022-11-isomorph/blob/main/contracts/Isomorph/contracts/CollateralBook.sol#L23

As a result the require statement in the function changeCollateralType() can be bypassed after 200 seconds instead of 2 days.
https://github.com/sherlock-audit/2022-11-isomorph/blob/main/contracts/Isomorph/contracts/CollateralBook.sol#L130

Impact

This issue breaks the logic, as the "time delays" are important to the protocol.
And leads to bypassing a certain require statement in a function in a short period of time than it's supposed to be.

Code Snippet

https://github.com/sherlock-audit/2022-11-isomorph/blob/main/contracts/Isomorph/contracts/CollateralBook.sol#L23

Tool used

Manual Review

Recommendation

Change to - uint256 public constant CHANGE_COLLATERAL_DELAY = 2 days;

Duplicate of #191
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate Medium Reward
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin