This repository was archived by the owner on May 26, 2023. It is now read-only.

wagmi - Wrong time delay in `isoUSDToken` #121

Closed

github-actions bot opened this issue Dec 11, 2022 · 0 comments

Labels

Duplicate Medium Reward

github-actions bot commented Dec 11, 2022 •

edited

Loading

wagmi

high

Wrong time delay in `isoUSDToken`

Summary

https://github.com/sherlock-audit/2022-11-isomorph/blob/main/contracts/Isomorph/contracts/isoUSDToken.sol#L10

Vulnerability Detail

Wrong time delay allow doing admin actions without timelock.
It should be 3 days but instead it is just 3 seconds in the code.

Impact

Admin actions can be executed without timelock

Code Snippet

Time delay and RoleControl is setup here
https://github.com/sherlock-audit/2022-11-isomorph/blob/main/contracts/Isomorph/contracts/isoUSDToken.sol#L10-L15

And time delay is initialized in RoleControl
https://github.com/sherlock-audit/2022-11-isomorph/blob/main/contracts/Isomorph/contracts/RoleControl.sol#L29-L31

Tool used

Manual Review

Recommendation

Correcting the value of ISOUSD_TIME_DELAY

Duplicate of #231

The text was updated successfully, but these errors were encountered:

github-actions bot added Duplicate Medium labels

github-actions bot closed this as completed

sherlock-admin added the Reward label

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.