Hello Tradle,
Functions like updateMarket, updateUserPlatformFeeRate, and updateReferralExtraRateMap allow the owner to arbitrarily update critical variables.
Potential Issue: This centralization introduces a single point of failure. If the owner’s key is compromised, an attacker could drastically alter the system’s fee structures or marketplace configurations.
Mitigation: Consider implementing multi-signature authorization for critical functions or a time-delay mechanism for such updates, allowing stakeholders to review and potentially veto harmful changes.
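The time-delay mechanism suggested above, as an added example that is not part of the original submission or of Tradle's code. The contract name, the single `feeRate` variable, the two-day delay, the basis-point cap, and the guardian role are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration: hypothetical contract, not the audited code base.
contract TimelockedFeeConfig {
    uint256 public constant DELAY = 2 days;       // assumed review window
    uint256 public constant MAX_FEE_RATE = 1_000; // assumed cap, in basis points

    address public immutable owner;    // proposes and executes changes
    address public immutable guardian; // may veto; ideally a multisig

    uint256 public feeRate;        // live value
    uint256 public pendingFeeRate; // queued value
    uint256 public executableAt;   // 0 means nothing is queued

    event FeeRateQueued(uint256 newRate, uint256 executableAt);
    event FeeRateCancelled(uint256 rate);
    event FeeRateUpdated(uint256 oldRate, uint256 newRate);

    constructor(address owner_, address guardian_) {
        require(owner_ != address(0) && guardian_ != address(0), "zero address");
        owner = owner_;
        guardian = guardian_;
    }

    // Step 1: the owner announces a change; the event lets stakeholders review it.
    function queueFeeRate(uint256 newRate) external {
        require(msg.sender == owner, "not owner");
        require(newRate <= MAX_FEE_RATE, "rate above cap");
        pendingFeeRate = newRate;
        executableAt = block.timestamp + DELAY; // re-queuing restarts the delay
        emit FeeRateQueued(newRate, executableAt);
    }

    // Veto path: owner or guardian can drop a queued change before it applies.
    function cancelFeeRate() external {
        require(msg.sender == owner || msg.sender == guardian, "not authorized");
        require(executableAt != 0, "nothing queued");
        emit FeeRateCancelled(pendingFeeRate);
        delete pendingFeeRate;
        delete executableAt;
    }

    // Step 2: the change takes effect only after the delay has elapsed.
    function executeFeeRate() external {
        require(msg.sender == owner, "not owner");
        require(executableAt != 0, "nothing queued");
        require(block.timestamp >= executableAt, "delay not elapsed");
        emit FeeRateUpdated(feeRate, pendingFeeRate);
        feeRate = pendingFeeRate;
        delete pendingFeeRate;
        delete executableAt;
    }
}
```

With this pattern a compromised owner key can still queue a change, but the guardian has the full delay to cancel it before it reaches the live value.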
The following issues and their duplicates are invalid as admin errors/input validation/malicious intents are generally considered invalid based on [codehawks guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). If they deploy/set inputs of the contracts appropriately, there will be no issue. Additionally, admins are trusted as noted in READ.ME they can break certain assumptions of the code based on their actions, and