Description: All three strategies have centralized management functions with minimal access controls.
setRouter() function allows direct router address modification
Permissioned functions use basic modifiers without comprehensive access control
Single point of failure for critical configuration changes
Impact:
Potential complete protocol compromise
Unauthorized router modifications
Risk of economic manipulation
Proof of Concept:
Recommended Mitigation:
Implement multi-signature access control
Add time-locks for critical configuration changes
Use role-based access control (RBAC)
Implement a governance mechanism for router changes
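One way to combine the role-based access control and time-lock recommendations for router changes is sketched below. This is an added example, not code from the audited strategies: the contract name, role names, ROUTER_DELAY value and the propose/cancel/execute split are assumptions, and it relies on OpenZeppelin's AccessControl with the admin role expected to be held by a multisig.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

/// Added illustration only; not the audited strategies' code.
/// Role names, ROUTER_DELAY and the propose/execute split are assumptions.
contract TimelockedRouterConfig is AccessControl {
    bytes32 public constant PROPOSER_ROLE = keccak256("PROPOSER_ROLE");
    bytes32 public constant EXECUTOR_ROLE = keccak256("EXECUTOR_ROLE");
    uint256 public constant ROUTER_DELAY = 2 days; // assumed delay

    address public router;
    address public pendingRouter;
    uint256 public pendingRouterEta; // 0 means nothing is queued

    event RouterProposed(address indexed newRouter, uint256 eta);
    event RouterChangeCancelled(address indexed cancelledRouter);
    event RouterUpdated(address indexed oldRouter, address indexed newRouter);
    error ZeroAddress();
    error NothingPending();
    error TimelockNotElapsed(uint256 eta);

    /// @param admin expected to be a multisig, so no single key controls the roles
    constructor(address admin, address initialRouter) {
        if (admin == address(0) || initialRouter == address(0)) revert ZeroAddress();
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        router = initialRouter;
    }

    /// Queues a router change; it cannot take effect before ROUTER_DELAY elapses.
    function proposeRouter(address newRouter) external onlyRole(PROPOSER_ROLE) {
        if (newRouter == address(0)) revert ZeroAddress();
        pendingRouter = newRouter;
        pendingRouterEta = block.timestamp + ROUTER_DELAY;
        emit RouterProposed(newRouter, pendingRouterEta);
    }

    /// Lets the admin veto a queued change during the delay window.
    function cancelRouterChange() external onlyRole(DEFAULT_ADMIN_ROLE) {
        if (pendingRouterEta == 0) revert NothingPending();
        emit RouterChangeCancelled(pendingRouter);
        (pendingRouter, pendingRouterEta) = (address(0), 0);
    }

    /// Applies the queued router only after the delay has passed.
    function executeRouterChange() external onlyRole(EXECUTOR_ROLE) {
        if (pendingRouterEta == 0) revert NothingPending();
        if (block.timestamp < pendingRouterEta) revert TimelockNotElapsed(pendingRouterEta);
        emit RouterUpdated(router, pendingRouter);
        router = pendingRouter;
        (pendingRouter, pendingRouterEta) = (address(0), 0);
    }
}
```

The RouterProposed event gives monitoring and users the full delay window to react to a queued change before it can be executed.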