Platform: Code4rena
Start Date: 28/11/2022
Pot Size: $192,500 USDC
Total HM: 33
Participants: 106
Period: 11 days
Judge: LSDan
Total Solo HM: 15
Id: 186
League: ETH
Rank: 96/106
Findings: 1
Award: $22.47
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0xNazgul, Atarpara, Awesome, Aymen0909, BClabs, Kong, ali_shehab, bullseye, chaduke, csanuragjain, datapunk, fatherOfBlocks, hansfriese, kaliberpoziomka8552, nicobevi, pashov, pzeus, shark, unforgiven, web3er, xiaoming90
22.467 USDC - $22.47
The comments above say that inorder to be able to remove the feeder you must be the owner, however, there is no any access control implemented here. Anyone can remove any feeder.
/// @notice Allows owner to remove feeder. /// @param _feeder feeder to remove function removeFeeder(address _feeder) external onlyWhenFeederExisted(_feeder) { _removeFeeder(_feeder); }
Add a check that the calling is the owner.
/// @notice Allows owner to remove feeder. /// @param _feeder feeder to remove function removeFeeder(address _feeder) external onlyWhenFeederExisted(_feeder) onlyRole(DEFAULT_ADMIN_ROLE) { _removeFeeder(_feeder); }
#0 - c4-sponsor
2022-12-06T01:27:39Z
yubo-ruan marked the issue as sponsor confirmed
#1 - c4-judge
2022-12-20T16:58:22Z
dmvt marked the issue as duplicate of #31
#2 - c4-judge
2023-01-09T14:23:29Z
dmvt marked the issue as partial-50