Platform: Code4rena
Start Date: 09/12/2022
Pot Size: $90,500 USDC
Total HM: 35
Participants: 84
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 12
Id: 192
League: ETH
Rank: 81/84
Findings: 1
Award: $1.15
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: 0xA5DF
Also found by: 0xA5DF, 0xNazgul, 0xSmartContract, 0xbepresent, 0xdeadbeef0x, 8olidity, Englave, Faith, HE1M, JohnnyTime, Madalad, Mukund, Ruhum, SmartSek, __141345__, aviggiano, carlitox477, cccz, chaduke, francoHacker, gz627, gzeon, hansfriese, hihen, imare, jadezti, kwhuo68, ladboy233, orion, peanuts, philogy, rbserver, wait, yjrwkk
1.1472 USDC - $1.15
https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/BondNFT.sol#L366-L370
Owner can steal funds
The owner can steal funds by setting itself as manager, and the owner will then be able to use onlyManager() functions like claim, so this amount will be sent to the manager rather than bond.owner.
VS Code
Add a check so the owner cannot set itself as manager, or make sure the user-provided address is a contract rather than a wallet address.
#0 - TriHaz
2023-01-09T17:59:52Z
We are aware of the centralization risks. Initially, all contracts will have a multi-sig as owner to prevent a sole owner; later on, a DAO could be the owner.
#1 - c4-sponsor
2023-01-09T17:59:58Z
TriHaz marked the issue as sponsor acknowledged
#2 - c4-judge
2023-01-16T07:31:06Z
GalloDaSballo marked the issue as duplicate of #377
#3 - c4-judge
2023-01-22T17:34:48Z
GalloDaSballo marked the issue as satisfactory