DeFi, Foundry, Solidity
16,653 OP
Submission Details
Severity: high
Invalid

Centralization of Control

Description: All three strategies have centralized management functions with minimal access controls.

  • setRouter() function allows direct router address modification

  • Permissioned functions use basic modifiers without comprehensive access control

  • Single point of failure for critical configuration changes

Impact:

  • Potential complete protocol compromise

  • Unauthorized router modifications

  • Risk of economic manipulation

Proof of Concept:

function exploit(address maliciousRouter) external {
    // An attacker could potentially set a malicious router
    strategy.setRouter(maliciousRouter);
}

Recommended Mitigation:

  • Implement multi-signature access control

  • Add time-locks for critical configuration changes

  • Use role-based access control (RBAC)

  • Implement a governance mechanism for router changes
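
One way the access-control and time-lock recommendations above could look for a router setter, as an added example that is not the audited strategies' code. The contract name, `ROUTER_DELAY`, and the propose/execute functions are hypothetical, and `admin` is assumed to be a multisig address.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only; every name here is hypothetical, not taken from the audited code.
contract TimelockedRouterConfig {
    uint256 public constant ROUTER_DELAY = 2 days; // assumed delay, tune per deployment

    address public immutable admin;  // assumed to be a multisig, not an EOA
    address public router;           // router currently in use
    address public pendingRouter;    // proposed replacement, zero when none is queued
    uint256 public pendingRouterEta; // earliest timestamp at which the change may execute

    event RouterProposed(address indexed newRouter, uint256 eta);
    event RouterChanged(address indexed oldRouter, address indexed newRouter);

    error NotAdmin();
    error ZeroAddress();
    error NoPendingRouter();
    error TimelockNotElapsed(uint256 eta);

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    constructor(address admin_, address router_) {
        if (admin_ == address(0) || router_ == address(0)) revert ZeroAddress();
        admin = admin_;
        router = router_;
    }

    /// Step 1: queue the change. The event gives users and monitors the full delay to react.
    function proposeRouter(address newRouter) external onlyAdmin {
        if (newRouter == address(0)) revert ZeroAddress();
        pendingRouter = newRouter;
        pendingRouterEta = block.timestamp + ROUTER_DELAY;
        emit RouterProposed(newRouter, pendingRouterEta);
    }

    /// Step 2: apply the queued change, only after the delay has fully elapsed.
    function executeRouter() external onlyAdmin {
        if (pendingRouter == address(0)) revert NoPendingRouter();
        if (block.timestamp < pendingRouterEta) revert TimelockNotElapsed(pendingRouterEta);
        emit RouterChanged(router, pendingRouter);
        router = pendingRouter;
        delete pendingRouter;
        delete pendingRouterEta;
    }
}
```

Against this contract, a call shaped like the proof of concept reverts with `NotAdmin()` for any caller other than `admin`, and even `admin` cannot swap the router within a single transaction.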

Updates

Appeal created

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
