[FMR-02M] Unsafe Incentive Owner Adjustment #166

@vm06007

FMR-02M: Unsafe Incentive Owner Adjustment

| Type | Severity | Location |
|---|---|---|
| Input Sanitization | | FeeManager.sol:L195-L213, L219-L235 |

Description:

The FeeManager::changeIncentiveUSDA and FeeManager::changeIncentiveUSDB functions do not sanitize the _newOwner argument, permitting the incentiveOwnerA to set the incentiveOwnerB as the _newOwner and vice-versa.

Such an action overwrites the _newOwner's existing incentiveUSD entry with the caller's and can thereby reduce it improperly. Additionally, the aforementioned functions permit the incentive owner to set themselves as the _newOwner, which incorrectly resets their incentiveUSD to 0 because the entry is deleted after it is assigned.

Impact:

The incentiveUSD entries of the system can significantly misbehave if incentive owner transfers are performed with unusual arguments.

Example:

function changeIncentiveUSDA(
    address _newOwner
)
    external
{
    if (msg.sender != incentiveOwnerA) {
        revert NotAllowed();
    }

    incentiveUSD[_newOwner] = incentiveUSD[
        incentiveOwnerA
    ];

    delete incentiveUSD[
        incentiveOwnerA
    ];

    incentiveOwnerA = _newOwner;
}

Recommendation:

We advise that the code prevent setting the _newOwner to either the incentiveOwnerA or the incentiveOwnerB, preventing the misbehaviours described.
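One way to apply the recommended check, as an added example that is not the project's own code or its actual fix. The contract name, constructor, the `uint256` mapping type, the `_checkNewOwner` helper, the `InvalidNewOwner` error and the body of `changeIncentiveUSDB` (assumed to mirror the A variant) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added example: minimal stand-in for the incentive-owner logic in the issue.
// State layout, constructor and InvalidNewOwner are assumptions.
contract IncentiveOwnerExample {
    error NotAllowed();
    error InvalidNewOwner(); // hypothetical error name

    address public incentiveOwnerA;
    address public incentiveOwnerB;
    mapping(address => uint256) public incentiveUSD;

    constructor(address _ownerA, address _ownerB) {
        incentiveOwnerA = _ownerA;
        incentiveOwnerB = _ownerB;
    }

    // Reject a target that already holds either owner role: moving onto the
    // other owner overwrites its incentiveUSD entry, and moving onto oneself
    // ends in the delete below, which zeroes the caller's own entry.
    function _checkNewOwner(address _newOwner) private view {
        if (_newOwner == incentiveOwnerA || _newOwner == incentiveOwnerB) {
            revert InvalidNewOwner();
        }
    }

    function changeIncentiveUSDA(address _newOwner) external {
        if (msg.sender != incentiveOwnerA) {
            revert NotAllowed();
        }
        _checkNewOwner(_newOwner);

        incentiveUSD[_newOwner] = incentiveUSD[incentiveOwnerA];
        delete incentiveUSD[incentiveOwnerA];
        incentiveOwnerA = _newOwner;
    }

    function changeIncentiveUSDB(address _newOwner) external {
        if (msg.sender != incentiveOwnerB) {
            revert NotAllowed();
        }
        _checkNewOwner(_newOwner);

        incentiveUSD[_newOwner] = incentiveUSD[incentiveOwnerB];
        delete incentiveUSD[incentiveOwnerB];
        incentiveOwnerB = _newOwner;
    }
}
```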
