Configurations updates are inefficient
Summary
In case only 1-2 params of System params or Perp market are subject to change, admins should manually collect the other data since both configureSystemParameters and updatePerpMarketConfiguration require all the struct elements to be passed as arguments instead of only the ones that are being altered.
Vulnerability Details
The issue lies in the fact that in order to modify one of the configurations, admins are not allowed to pass only the changed params, but all the struct params, which can lead to passing wrong or unintended values and changing the configuration. Another flaw is that this process is so inefficient since it requires collecting information, and part of this information is not being returned from the getter functions (getPerpMarketConfiguration), for example, priceAdapter and priceFeedHeartbeatSeconds.
Impact
Update functions require passing both old and new values
Tools Used
Manual Review
Recommendations
Either change the update functions to be able to modify only a selected number of params, or modify the getter functions to return all the needed information to update to be successful.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.