This repository has been archived by the owner on May 26, 2023. It is now read-only.

GimelSec - Wrong CHANGE_COLLATERAL_DELAY in CollateralBook #191

Open
github-actions bot opened this issue Dec 11, 2022 · 2 comments

Comments

@github-actions

GimelSec

high

Wrong CHANGE_COLLATERAL_DELAY in CollateralBook

Summary

Admins can bypass time delay due to the wrong value of CHANGE_COLLATERAL_DELAY.

Vulnerability Detail

The comment shows that the CHANGE_COLLATERAL_DELAY should be 2 days, but it's only 200, which means 3 minutes and 20 seconds.

Impact

Admins can bypass the 2-day time delay and only need to wait less than 5 minutes to call changeCollateralType.

Code Snippet

https://github.com/sherlock-audit/2022-11-isomorph/blob/main/contracts/Isomorph/contracts/CollateralBook.sol#L23
https://github.com/sherlock-audit/2022-11-isomorph/blob/main/contracts/Isomorph/contracts/CollateralBook.sol#L130

Tool used

Manual Review

Recommendation

uint256 public constant CHANGE_COLLATERAL_DELAY = 2 days; //2 days
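
A lint for the mismatch this finding describes, as an added example that is not part of the original issue or the Isomorph code base: it compares each Solidity constant's integer value with the duration written in its trailing comment. `BEFORE` is constructed from the finding's description (value 200, comment "2 days"), `AFTER` is the recommended declaration, and the function and regex names are hypothetical.

```python
import re

# Solidity time-unit suffixes and their value in seconds.
UNITS = {"seconds": 1, "minutes": 60, "hours": 3600, "days": 86400, "weeks": 604800}
UNIT_ALT = "|".join(UNITS)

# Matches `... constant NAME = <integer> [unit]; // comment`. Computed
# expressions such as `2 * 24 * 60 * 60` are out of scope and skipped.
DECL = re.compile(rf"\bconstant\s+(\w+)\s*=\s*([\d_]+)\s*({UNIT_ALT})?\s*;\s*//(.*)$")
# A duration written in the comment, singular or plural: "2 days", "1 hour".
DURATION = re.compile(r"(\d+)\s*(second|minute|hour|day|week)s?\b", re.IGNORECASE)

# Constructed from the finding's description: value 200, comment says 2 days.
BEFORE = "uint256 public constant CHANGE_COLLATERAL_DELAY = 200; //2 days"
# The declaration given in the Recommendation.
AFTER = "uint256 public constant CHANGE_COLLATERAL_DELAY = 2 days; //2 days"


def find_delay_mismatches(source):
    """Return (line_no, name, actual_seconds, commented_seconds) for every
    constant whose value disagrees with the duration in its trailing comment."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        decl = DECL.search(line)
        if not decl:
            continue
        name, number, unit, comment = decl.groups()
        stated = DURATION.search(comment)
        if not stated:
            continue  # comment gives no duration to compare against
        # A literal with no unit suffix is a plain count of seconds
        # (200 = 3 min 20 s).
        actual = int(number.replace("_", "")) * UNITS.get(unit, 1)
        expected = int(stated.group(1)) * UNITS[stated.group(2).lower() + "s"]
        if actual != expected:
            findings.append((line_no, name, actual, expected))
    return findings


if __name__ == "__main__":
    for label, src in (("before", BEFORE), ("after", AFTER)):
        for line_no, name, actual, expected in find_delay_mismatches(src):
            print(f"{label}:{line_no}: {name} is {actual}s, comment says {expected}s")
```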

@hrishibhat
Contributor

Fix PR:
kree-dotcom/isomorph@9bad274

@IAm0x52
Collaborator

IAm0x52 commented Jan 7, 2023

Wrong PR linked but delay has been changed from 200 to 2 days
