Platform: Code4rena
Start Date: 19/01/2024
Pot Size: $36,500 USDC
Total HM: 9
Participants: 113
Period: 3 days
Judge: 0xsomeone
Id: 322
League: ETH
Rank: 104/113
Findings: 1
Award: $0.09
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: NPCsCorp
Also found by: 0x11singh99, 0xAadi, 0xBugSlayer, 0xE1, 0xPluto, 0xSimeon, 0xSmartContract, 0xabhay, 0xdice91, 0xprinc, Aamir, Aymen0909, CDSecurity, DadeKuma, DarkTower, EV_om, Eeyore, GeekyLumberjack, GhK3Ndf, Giorgio, Greed, Inference, JanuaryPersimmon2024, Kaysoft, Krace, Matue, MrPotatoMagic, NentoR, Nikki, PUSH0, Soliditors, Tendency, Tigerfrake, Timeless, Timenov, ZanyBonzy, ZdravkoHr, abiih, adeolu, al88nsk, azanux, bareli, boredpukar, cu5t0mpeo, d4r3d3v1l, darksnow, deth, dutra, ether_sky, haxatron, ke1caM, kodyvim, m4ttm, mgf15, mrudenko, nmirchev8, nobody2018, nuthan2x, peanuts, piyushshukla, ravikiranweb3, rouhsamad, seraviz, simplor, slylandro_star, stealth, th13vn, vnavascues, wangxx2026, zaevlad
0.0879 USDC - $0.09
Lack of modifier in DcntEth allows anyone to change the router address. Since the router has permissions to mint and burn from any address, this can cause loss of funds and complete devaluation of the token.
function setRouter(address _router) public { router = _router; }
Manual Review
Add an onlyRouter modifier
Access Control
#0 - c4-pre-sort
2024-01-25T22:18:03Z
raymondfam marked the issue as sufficient quality report
#1 - c4-pre-sort
2024-01-25T22:18:09Z
raymondfam marked the issue as duplicate of #14
#2 - alex-ppg
2024-02-03T13:06:50Z
The recommendation is invalid as the router is not assigned on deployment and thus would not be possible to assign. An onlyOwner modifier or similar mechanism would be more apt.
#3 - c4-judge
2024-02-03T13:06:54Z
alex-ppg marked the issue as partial-75
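The access-control fix discussed in this thread, as an added example that is not the audited DcntEth source or any participant's code. The contract name `RouterGatedToken`, the `owner` variable, the custom errors, the event and the zero-address check are assumptions made for illustration; only `setRouter`, `router` and the router's mint and burn rights come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified stand-in for the token in the finding (hypothetical, not DcntEth itself).
contract RouterGatedToken {
    address public owner;  // assumption: the deployer administers the token
    address public router; // address(0) until setRouter is first called
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    error NotOwner();
    error NotRouter();
    error ZeroAddress();

    event RouterUpdated(address indexed previous, address indexed current);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    modifier onlyRouter() {
        if (msg.sender != router) revert NotRouter();
        _;
    }

    // Guarding this with onlyRouter would lock it permanently: router is
    // address(0) after deployment and no caller can have that msg.sender.
    function setRouter(address _router) public onlyOwner {
        if (_router == address(0)) revert ZeroAddress(); // added safeguard (assumption)
        emit RouterUpdated(router, _router);
        router = _router;
    }

    // Privileged supply changes stay restricted to the configured router.
    function mint(address to, uint256 amount) public onlyRouter {
        balanceOf[to] += amount;
        totalSupply += amount;
    }

    function burn(address from, uint256 amount) public onlyRouter {
        balanceOf[from] -= amount; // reverts on underflow under 0.8 checked arithmetic
        totalSupply -= amount;
    }
}
```

The `RouterUpdated` event gives monitoring a signal to alert on whenever the router changes.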