Upgraded Q -> 2 from #19 [1677669261110] #38

@c4-judge

Judge has assessed an item in Issue #19 as 2 risk. The relevant finding follows:

KFC-03L: Inexistent Duplicate Entry Prevention (Affected Lines: L175-L180)
The KUMAFeeCollector::changePayees function does not adequately sanitize the new payees, permitting duplicate entries to exist which will cause the contract to significantly misbehave as it would track the _totalShares incorrectly, and perform two payouts with the latest newShares[i] value. We advise the code to add a new if conditional which causes the code to fail if _payees.contains(newPayees[i]) evaluates to true.
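
The accounting drift the finding describes, as an added example that is not part of the judge's report or the KUMA code base. It is a simplified Python model: the class name `FeeCollectorModel`, the `release` method, the set-like payee storage and the pro-rata payout are all assumptions made for illustration.

```python
# Simplified model of the payee bookkeeping described in the finding.
# Assumed, not taken from the KUMA source: payees live in a set-like container,
# shares in a mapping, _totalShares is a running sum, payouts are pro rata.

class DuplicatePayee(Exception):
    """Models the revert the finding recommends for a repeated payee."""


class FeeCollectorModel:  # hypothetical name
    def __init__(self, guard_duplicates):
        self.guard_duplicates = guard_duplicates
        self._payees, self._shares, self._total_shares = [], {}, 0

    def change_payees(self, new_payees, new_shares):
        if len(new_payees) != len(new_shares):
            raise ValueError("length mismatch")
        payees, shares, total = [], {}, 0
        for payee, share in zip(new_payees, new_shares):
            if payee in shares:
                if self.guard_duplicates:
                    raise DuplicatePayee(payee)
            else:
                payees.append(payee)
            shares[payee] = share   # a repeated entry overwrites: latest value wins
            total += share          # but the total counts every entry
        # Commit only after the loop, mirroring an all-or-nothing transaction.
        self._payees, self._shares, self._total_shares = payees, shares, total

    def release(self, amount):
        """Split amount pro rata; return (payouts, undistributed remainder)."""
        payouts = {p: amount * self._shares[p] // self._total_shares
                   for p in self._payees}
        return payouts, amount - sum(payouts.values())


def demo():
    # Constructed input: "alice" is listed twice.
    payees, shares = ["alice", "bob", "alice"], [30, 50, 20]
    unguarded = FeeCollectorModel(guard_duplicates=False)
    unguarded.change_payees(payees, shares)
    payouts, stuck = unguarded.release(1000)
    guarded = FeeCollectorModel(guard_duplicates=True)
    try:
        guarded.change_payees(payees, shares)
        rejected = False
    except DuplicatePayee:
        rejected = True
    return unguarded._total_shares, payouts, stuck, rejected
```

In this model the unguarded path records a total of 100 shares against only 70 actually assigned, so part of every release is left undistributed; the guarded path rejects the list outright.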

Labels:
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
duplicate-13
satisfactory: satisfies C4 submission criteria; eligible for awards