Submission Details
Impact:
Likelihood:
Lack of Transparency in Administrative Actions
Root + Impact
Description
While the contract emits events for administrative actions, there are no mechanisms for community oversight, proposal periods, or transparency requirements before critical changes are made. Users must trust the owner's decisions without input or advance notice.
Risk
Impact:
-
Creates trust issues and potential for:
Unexpected changes affecting user strategies
Lack of community input on important decisions
Reduced protocol credibility and adoption
Potential for conflicts of interest
Proof of Concept
// No proposal period, voting, or community input required
function setAllowedSellToken(address _token, bool _isAllowed) external onlyOwner {
allowedSellToken[_token] = _isAllowed;
emit TokenAllowed(_token, _isAllowed);
}
// Change takes effect immediately
// Users have no advance warning or ability to prepare
Recommended Mitigation
Implement governance proposals with voting periods
Add minimum notice periods for significant changes
Create a community forum for discussing proposed changes
Implement transparent decision-making processes
Add ability for community to veto certain administrative actions
Rewards breakdown
nSLOC
217This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.