This repository has been archived by the owner on May 26, 2023. It is now read-only.

0xjayne - Collateral can be changed in less than intended 3 or 2 day governance timelock #9

Closed
github-actions bot opened this issue Dec 11, 2022 · 0 comments

github-actions bot commented Dec 11, 2022

0xjayne

medium

Collateral can be changed in less than intended 3 or 2 day governance timelock

Summary

changeCollateralType() waits for CHANGE_COLLATERAL_DELAY amount of time from when it was queued before changing the collateral type details. CHANGE_COLLATERAL_DELAY is, however, hardcoded to 200, which means 200 seconds, not 2 days as mentioned in the comment or 3 days as mentioned in the documentation markdown.

Vulnerability Detail

CHANGE_COLLATERAL_DELAY is hardcoded to 200 seconds instead of the intended 2 or 3 days. So collateral type details can be changed within 200 seconds of being queued, making the timelock almost redundant and useless.

Impact

Collateral details can be changed in less than 200 seconds of it being queued.

Code Snippet

The line here defines the value of CHANGE_COLLATERAL_DELAY, which is used by the timelock in the changeCollateralType() function. It should be changed as below:
public constant CHANGE_COLLATERAL_DELAY = 2 days;

Tool used

Manual Review

Recommendation

Change to the line below:
public constant CHANGE_COLLATERAL_DELAY = 2 days;

Duplicate of #191
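
A CI-style check for this class of bug, added here as an example and not part of the original report or the project's code: it scans Solidity source for delay constants and flags any whose value in seconds is below a policy minimum or disagrees with the duration written in the trailing comment. The sample declarations are constructed; the `uint256` type, the exact comment text and the name `FIXED_COLLATERAL_DELAY` are assumptions.

```python
import re

# Solidity time-unit suffixes and their value in seconds.
UNITS = {"seconds": 1, "minutes": 60, "hours": 3600, "days": 86400, "weeks": 604800}

# Matches e.g. `uint256 public constant CHANGE_COLLATERAL_DELAY = 200; //2 days`
DECL = re.compile(
    r"constant\s+(?P<name>\w*(?:DELAY|TIMELOCK)\w*)\s*=\s*"
    r"(?P<num>[\d_]+)\s*(?P<unit>seconds|minutes|hours|days|weeks)?\s*;"
    r"(?:\s*//(?P<comment>.*))?"
)
# A duration written in a comment, e.g. "2 days" or "3 day".
HINT = re.compile(r"(\d+)\s*(second|minute|hour|day|week)s?\b", re.I)


def audit_delays(source, min_seconds):
    """Return (line_no, name, seconds, reason) for each suspicious delay constant."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        m = DECL.search(line)
        if not m:
            continue
        # A bare literal with no unit suffix is interpreted as seconds.
        seconds = int(m["num"].replace("_", "")) * UNITS[m["unit"] or "seconds"]
        reasons = []
        if seconds < min_seconds:
            reasons.append(f"below policy minimum of {min_seconds}s")
        hint = HINT.search(m["comment"] or "")
        if hint:
            documented = int(hint[1]) * UNITS[hint[2].lower() + "s"]
            if documented != seconds:
                reasons.append(f"comment says {documented}s")
        if reasons:
            findings.append((line_no, m["name"], seconds, "; ".join(reasons)))
    return findings


# Constructed sample source (type, comment text and second name are assumed).
SAMPLE = """\
uint256 public constant CHANGE_COLLATERAL_DELAY = 200; //2 days
uint256 public constant FIXED_COLLATERAL_DELAY = 2 days;
"""

if __name__ == "__main__":
    for finding in audit_delays(SAMPLE, min_seconds=2 * 86400):
        print(finding)
```
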
