Platform: Code4rena
Start Date: 19/01/2024
Pot Size: $36,500 USDC
Total HM: 9
Participants: 113
Period: 3 days
Judge: 0xsomeone
Id: 322
League: ETH
Rank: 105/113
Findings: 1
Award: $0.09
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: NPCsCorp
Also found by: 0x11singh99, 0xAadi, 0xBugSlayer, 0xE1, 0xPluto, 0xSimeon, 0xSmartContract, 0xabhay, 0xdice91, 0xprinc, Aamir, Aymen0909, CDSecurity, DadeKuma, DarkTower, EV_om, Eeyore, GeekyLumberjack, GhK3Ndf, Giorgio, Greed, Inference, JanuaryPersimmon2024, Kaysoft, Krace, Matue, MrPotatoMagic, NentoR, Nikki, PUSH0, Soliditors, Tendency, Tigerfrake, Timeless, Timenov, ZanyBonzy, ZdravkoHr, abiih, adeolu, al88nsk, azanux, bareli, boredpukar, cu5t0mpeo, d4r3d3v1l, darksnow, deth, dutra, ether_sky, haxatron, ke1caM, kodyvim, m4ttm, mgf15, mrudenko, nmirchev8, nobody2018, nuthan2x, peanuts, piyushshukla, ravikiranweb3, rouhsamad, seraviz, simplor, slylandro_star, stealth, th13vn, vnavascues, wangxx2026, zaevlad
0.0879 USDC - $0.09
Router can be set to an arbitrary address to mint and burn dcnt tokens
Anyone can set the router address to mint an arbitrary amount of Dcnt
tokens, effectively draining the ETH locked within contracts or open market.
function setRouter(address _router) public { //@audit missing access control
    router = _router;
}
Manual Review
SetRouter should be a privileged function
Access Control
#0 - c4-pre-sort
2024-01-24T03:24:32Z
raymondfam marked the issue as sufficient quality report
#1 - c4-pre-sort
2024-01-24T03:24:41Z
raymondfam marked the issue as duplicate of #14
#2 - alex-ppg
2024-02-03T13:28:01Z
Insufficient elaboration on the impact chapter as the ETH locked in the open market is unaffected.
#3 - c4-judge
2024-02-03T13:28:04Z
alex-ppg marked the issue as partial-75