Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: low
Invalid

Critical address should be changed with a two-step process

Summary

Important address changes need to follow a two-step process.

https://github.com/Cyfrin/2023-10-SteadeFi/blob/0f909e2f0917cb9ad02986f631d622376510abec/contracts/strategy/gmx/GMXVault.sol#L575-L578

https://github.com/Cyfrin/2023-10-SteadeFi/blob/0f909e2f0917cb9ad02986f631d622376510abec/contracts/strategy/gmx/GMXVault.sol#L585-L588

https://github.com/Cyfrin/2023-10-SteadeFi/blob/0f909e2f0917cb9ad02986f631d622376510abec/contracts/strategy/gmx/GMXVault.sol#L595-L598

Vulnerability Details

Critical operations are prone to errors due to the lack of a two-step procedure.

In the present scenario, if an incorrect address is provided for the treasury and a deposit or withdrawal occurs immediately afterward, fees will be minted to the incorrect address. Even though the address can be changed later, the delay in doing so remains an issue, and the same situation applies to the other addresses as well.

Impact

If the owner inadvertently provides an incorrect address to one of these functions, they might only realize the mistake later, and by that time, it could be too late.

Tools Used

Manual

Recommendations

Consider adding a two-step procedure to the critical functions.
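
One way to apply this recommendation to the treasury address, as an added example that is not Steadefi's code: the owner proposes a new address, and the change takes effect only when that address itself calls the accept function, so fees keep flowing to the old treasury until then. The contract, function, event and error names are hypothetical and are not taken from GMXVault.sol.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all names here are hypothetical, not from GMXVault.sol.
contract TwoStepTreasury {
    address public owner;
    address public treasury;        // address that currently receives fees
    address public pendingTreasury; // proposed address, not yet active

    event TreasuryProposed(address indexed current, address indexed proposed);
    event TreasuryUpdated(address indexed previous, address indexed current);

    error NotOwner();
    error NotPendingTreasury();
    error ZeroAddress();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(address initialTreasury) {
        if (initialTreasury == address(0)) revert ZeroAddress();
        owner = msg.sender;
        treasury = initialTreasury;
    }

    // Step 1: the owner records the candidate. Fees keep going to `treasury`.
    function proposeTreasury(address newTreasury) external onlyOwner {
        if (newTreasury == address(0)) revert ZeroAddress();
        pendingTreasury = newTreasury;
        emit TreasuryProposed(treasury, newTreasury);
    }

    // Step 2: only the proposed address can activate itself, which shows the
    // address is controlled by a live account or contract and was not mistyped.
    function acceptTreasury() external {
        if (msg.sender != pendingTreasury) revert NotPendingTreasury();
        emit TreasuryUpdated(treasury, msg.sender);
        treasury = msg.sender;
        delete pendingTreasury;
    }

    // The owner can withdraw a wrong proposal before it is accepted.
    function cancelTreasuryProposal() external onlyOwner {
        delete pendingTreasury;
    }
}
```

If the new treasury is a contract such as a multisig, it must be able to send the `acceptTreasury()` call itself.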

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Two-step process for critical operations

hans Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
