DeFiFoundry
20,000 USDC
Submission Details
Severity: medium
Invalid

Excessive Centralization of Control in AuctionFactory

Vulnerability Details:

The FjordAuctionFactory contract concentrates significant control in the owner role. The owner can unilaterally change critical addresses and create auctions without any checks or balances.

Impact:

This centralization could potentially be abused to create malicious auctions or manipulate the system, undermining trust and potentially causing financial losses to users.

Proof of Concept:

Link to code

```solidity
function setOwner(address _newOwner) external onlyOwner {
    if (_newOwner == address(0)) revert InvalidAddress();
    owner = _newOwner; // takes effect immediately, no delay and no event
}

function createAuction(
    address auctionToken,
    uint256 biddingTime,
    uint256 totalTokens,
    bytes32 salt
) external onlyOwner {
    // ... auction creation logic ...
}
```

The owner can change ownership and create auctions without any additional authorization or time-locks.

Tools Used: Manual review

Recommendations:

  • Implement a multi-signature wallet or a timelock for sensitive operations.

  • Consider implementing a governance mechanism for critical decisions.

  • Add events for all owner actions to increase transparency.
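A hardened variant that illustrates the first and third recommendations (a delayed, two-step ownership change and an event on every owner action) is given below. It is example code written for this page, not code from the Fjord contracts; the contract name, the two-day delay, and the error and event names are assumptions, and the auction creation body is left out because the page does not show it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical hardened factory (example, not the Fjord project's contract).
/// Ownership changes are proposed, wait out a delay, and must be accepted by
/// the proposed address; every owner action emits an event for off-chain monitoring.
contract TimelockedAuctionFactory {
    error InvalidAddress();
    error Unauthorized();
    error NoPendingOwner();
    error TimelockNotElapsed(uint256 readyAt);

    event OwnerProposed(address indexed current, address indexed proposed, uint256 readyAt);
    event OwnerProposalCancelled(address indexed current, address indexed cancelled);
    event OwnerChanged(address indexed previous, address indexed current);
    event AuctionCreated(
        address indexed creator,
        address indexed auctionToken,
        uint256 biddingTime,
        uint256 totalTokens,
        bytes32 salt
    );

    // Assumed delay; in practice this is a governance parameter.
    uint256 public constant OWNER_CHANGE_DELAY = 2 days;

    address public owner;        // may itself be a multisig contract
    address public pendingOwner;
    uint256 public ownerChangeReadyAt;

    modifier onlyOwner() {
        if (msg.sender != owner) revert Unauthorized();
        _;
    }

    constructor(address _owner) {
        if (_owner == address(0)) revert InvalidAddress();
        owner = _owner;
        emit OwnerChanged(address(0), _owner);
    }

    /// Step 1: the current owner proposes a successor. Nothing changes yet,
    /// which gives watchers the full delay window to react to a bad proposal.
    function proposeOwner(address _newOwner) external onlyOwner {
        if (_newOwner == address(0)) revert InvalidAddress();
        pendingOwner = _newOwner;
        ownerChangeReadyAt = block.timestamp + OWNER_CHANGE_DELAY;
        emit OwnerProposed(owner, _newOwner, ownerChangeReadyAt);
    }

    /// The owner can withdraw a proposal while the delay is running.
    function cancelOwnerProposal() external onlyOwner {
        address cancelled = pendingOwner;
        pendingOwner = address(0);
        ownerChangeReadyAt = 0;
        emit OwnerProposalCancelled(owner, cancelled);
    }

    /// Step 2: only the proposed address can accept, and only after the delay,
    /// so a mistyped or unintended address cannot take over silently or instantly.
    function acceptOwnership() external {
        if (pendingOwner == address(0)) revert NoPendingOwner();
        if (msg.sender != pendingOwner) revert Unauthorized();
        if (block.timestamp < ownerChangeReadyAt) revert TimelockNotElapsed(ownerChangeReadyAt);
        address previous = owner;
        owner = pendingOwner;
        pendingOwner = address(0);
        ownerChangeReadyAt = 0;
        emit OwnerChanged(previous, owner);
    }

    /// Same signature as the page's createAuction, plus input checks and an event.
    /// The deployment logic is omitted because the page does not show it.
    function createAuction(
        address auctionToken,
        uint256 biddingTime,
        uint256 totalTokens,
        bytes32 salt
    ) external onlyOwner {
        if (auctionToken == address(0)) revert InvalidAddress();
        // ... auction creation logic ...
        emit AuctionCreated(msg.sender, auctionToken, biddingTime, totalTokens, salt);
    }
}
```

The multi-signature recommendation needs no code here: deploying the factory with a multisig contract as `_owner` means every `onlyOwner` call, including `proposeOwner`, already requires the multisig's threshold. The events give monitoring tools something concrete to alert on, such as an `OwnerProposed` event whose proposed address was not announced through governance.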

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
