023.md

Tame Foggy Pony

Medium

Owner has a privilege that the README does not grant

Summary

No response

Root Cause

The owner has more privileges than expected. According to the README:

The owner can:

- Withdraw fees from the AutomationMaster
- Register oracles
- Set the min order size
- Set the max lending orders
- Register new sub keeper implementations

However, the owner can also cancel orders, which contradicts the README:

    function adminCancelOrder(uint96 orderId) external onlyOwner {
        Order memory order = orders[orderId];
        require(_cancelOrder(order), "Order not active");
    }

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

No response

PoC

No response

Mitigation

Allow only the owner actions that match the privileges listed in the README.
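
One way to catch this kind of drift during review is to list every `onlyOwner` function in the source and diff it against the privileges the README grants. The script below is an added example, not code from the audited project: the sample contract is constructed, and every function name except `adminCancelOrder` is a hypothetical stand-in for the README's privileges.

```python
import re

# README privileges mapped to function names. Only adminCancelOrder appears on
# the page; every name in this set is a hypothetical stand-in.
DOCUMENTED_OWNER_FUNCTIONS = {
    "withdrawFees", "registerOracle", "setMinOrderSize",
    "setMaxLendingOrders", "registerSubKeeper",
}

# Constructed sample source, not the audited contract.
SAMPLE_SOURCE = """
contract Sample {
    function setMinOrderSize(uint256 usd) external onlyOwner { minOrderSize = usd; }
    // function oldAdmin() external onlyOwner {}
    function registerOracle(
        address token,
        address oracle
    ) external onlyOwner {
        oracles[token] = oracle;
    }
    function adminCancelOrder(uint96 orderId) external onlyOwner {
        Order memory order = orders[orderId];
        require(_cancelOrder(order), "Order not active");
    }
    function cancelOrder(uint96 orderId) external {}
}
"""

COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)
# Name, parameter list, then the header up to the body '{' or a ';'.
FUNCTION = re.compile(r"\bfunction\s+(\w+)\s*\(([^)]*)\)([^{;]*)[{;]")

def owner_gated_functions(source, modifier="onlyOwner"):
    """Names of functions whose header carries the modifier, in source order."""
    code = COMMENTS.sub("", source)
    word = re.compile(rf"\b{re.escape(modifier)}\b")
    return [name for name, _params, header in FUNCTION.findall(code)
            if word.search(header)]

def undocumented_privileges(source, documented):
    """Owner-gated functions that the documented allowlist does not cover."""
    return sorted(set(owner_gated_functions(source, "onlyOwner")) - set(documented))

if __name__ == "__main__":
    for name in undocumented_privileges(SAMPLE_SOURCE, DOCUMENTED_OWNER_FUNCTIONS):
        print(f"owner-only function missing from README: {name}")
```

The scan only sees the literal modifier in the function header, so owner checks written inline (for example a `require` on `msg.sender`) or inherited from another contract need a separate pass.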