Upgraded Q -> M from #366 [1670366311052] #526
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
duplicate-33
satisfactory
Finding meets requirement
Judge has assessed an item in Issue #366 as M risk. The relevant finding follows:
https://github.com/debtdao/Line-of-Credit/blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/utils/MutualConsent.sol#L11
Mutual consent works by using two TXs with the same msg.data. However, when first one call, there is no way to cancel it. First caller might send wrong msg.data or later caller change the mind in the midway.
Since it's not possible to cancel the process, later caller can take benefit and call it in the future.
Recommendation
Consider allowing to cancel the mutual consent process after some time interval.
The text was updated successfully, but these errors were encountered: