Platform: Code4rena
Start Date: 28/11/2022
Pot Size: $192,500 USDC
Total HM: 33
Participants: 106
Period: 11 days
Judge: LSDan
Total Solo HM: 15
Id: 186
League: ETH
Rank: 97/106
Findings: 1
Award: $22.47
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0xNazgul, Atarpara, Awesome, Aymen0909, BClabs, Kong, ali_shehab, bullseye, chaduke, csanuragjain, datapunk, fatherOfBlocks, hansfriese, kaliberpoziomka8552, nicobevi, pashov, pzeus, shark, unforgiven, web3er, xiaoming90
22.467 USDC - $22.47
The NFTFloorOracle::removeFeeder() function is critical because it removes an oracle feeder. However, it lacks a permission check, so anyone can remove the _feeder as long as the _feeder exists. A malicious attacker can simply remove the _feeder to impact the oracle feed.
N/A
Add the onlyRole(DEFAULT_ADMIN_ROLE) modifier to the NFTFloorOracle::removeFeeder() function so that the _feeder can only be removed by the DEFAULT_ADMIN_ROLE.
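The missing check and its fix, side by side, as an added sketch that is not the NFTFloorOracle source. The contract name, the isFeeder mapping, the event and the onlyWhenFeederExisted modifier are assumptions made for illustration, and OpenZeppelin's AccessControl is assumed as the source of onlyRole.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/access/AccessControl.sol";

// Hypothetical minimal registry (assumption), not the audited contract.
contract FeederRegistrySketch is AccessControl {
    mapping(address => bool) private isFeeder; // constructed storage layout

    event FeederRemoved(address indexed feeder, address indexed removedBy);

    constructor(address admin) {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
    }

    modifier onlyWhenFeederExisted(address _feeder) {
        require(isFeeder[_feeder], "feeder missing");
        _;
    }

    function addFeeder(address _feeder) external onlyRole(DEFAULT_ADMIN_ROLE) {
        require(_feeder != address(0) && !isFeeder[_feeder], "bad feeder");
        isFeeder[_feeder] = true;
    }

    // Before: the existence check is the only guard, so any account passes it.
    function removeFeederUnguarded(address _feeder)
        external
        onlyWhenFeederExisted(_feeder)
    {
        _remove(_feeder);
    }

    // After: the role check runs first and reverts for callers without the role.
    function removeFeeder(address _feeder)
        external
        onlyRole(DEFAULT_ADMIN_ROLE)
        onlyWhenFeederExisted(_feeder)
    {
        _remove(_feeder);
    }

    function _remove(address _feeder) private {
        isFeeder[_feeder] = false;
        emit FeederRemoved(_feeder, msg.sender); // removedBy supports monitoring
    }
}
```

Modifiers execute in the order they are listed, so the role check rejects an unauthorized caller before the existence check is evaluated.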
#0 - c4-judge
2022-12-20T16:57:59Z
dmvt marked the issue as duplicate of #31
#1 - c4-judge
2023-01-09T14:10:28Z
dmvt changed the severity to 3 (High Risk)
#2 - c4-judge
2023-01-23T16:10:45Z
dmvt marked the issue as partial-50