turvy_fuzz data for issue #389

code-423n4 · Jun 9, 2023 · 213ae4a · 213ae4a
1 parent ffd67b8
commit 213ae4a
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/data/turvy_fuzz-Q.md b/data/turvy_fuzz-Q.md
@@ -0,0 +1,10 @@
+### Manager can disable erInspectionMode when it's Cooldown is not completed
+## Summary
+use of wrong operator
+
+## Vulnerability Details
+https://github.com/code-423n4/2023-06-stader/blob/main/contracts/StaderOracle.sol#L187
+Due to the use of the wrong operator (&& instead of ||), manager can still disable `erInspection Mode` even when it's Cooldown is not completed. Also when not in cooldown, absolutely anyone can still disable it due to the && operator
+
+## Recommendation:
+use || instead of &&.