Upgraded Q -> M from #366 [1670366311052] #526
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
duplicate-33
satisfactory
Finding meets requirement
Comments
c4-judge
added
the
2 (Med Risk)
|
dmvt marked the issue as duplicate of #33 |
|
dmvt marked the issue as satisfactory |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Judge has assessed an item in Issue #366 as M risk. The relevant finding follows:
https://github.com/debtdao/Line-of-Credit/blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/utils/MutualConsent.sol#L11
Mutual consent works by using two TXs with the same msg.data. However, when first one call, there is no way to cancel it. First caller might send wrong msg.data or later caller change the mind in the midway.
Since it's not possible to cancel the process, later caller can take benefit and call it in the future.
Recommendation
Consider allowing to cancel the mutual consent process after some time interval.
The text was updated successfully, but these errors were encountered: