Part 2
Zaros
PerpetualsDEXFoundrySolidity
70,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Insecure Access Controls on Critical Functions

luffy

Summary

Critical functions lack proper access control, allowing unauthorized actors to manipulate protocol parameters.

Vulnerability Details

Functions like setAutoDeleveragingParams or updateDynamicCaps in MarketCreditBranch or CreditDelegationBranch may not enforce onlyOwner/onlyPerpsEngine modifiers.

Impact

Attackers could disable auto-deleveraging, set malicious caps, or drain funds.

Tools Used

Manual review, Slither (access control detector).

Recommendations

Use OpenZeppelin’s AccessControl to restrict critical functions to trusted roles (e.g., DEFAULT_ADMIN_ROLE).

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Appeal created

luffy Submitter
10 months ago
inallhonesty Lead Judge
10 months ago
inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!