Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Nibiru>Threat Models>Module: controller
GeneralOverview
Findings
Critical (4)
High (6)
DiscussionInconsistent change admin
Threat ModelsWhat are threat models?1-oracle2-perp_v23-wasm4-bindings-perp
5-controllerModule: controller
6-shifter
Audit ResultsSummary

Module: controller

This CosmosWasm module is used to execute privileged messages in the Nibiru perp module (see for more details), which can only be executed if the contract has been added to the sudo module. This module also maintains a whitelist of addresses that are allowed to execute the messages in this contract as well as the address of the current admin.

The InsuranceFundWithdraw, SetMarketEnabled, and EditOracleParams messages are simple wrappers that first check if the sender is a member of the whitelist, and if so, they forward the message.

The AddMember, RemoveMember, and ChangeAdmin messages are used to update the whitelist and admin of this module and can only be performed by the current admin. For each message the new address is first validated, then the members list is updated or the admin is changed. When the admin is changed, the new admin is removed from the list of members.

The entry points are

  • ExecuteMsg::InsuranceFundWithdraw — with controllable parameters amount and to

  • ExecuteMsg::SetMarketEnabled — with controllable parameters pair and enabled

  • ExecuteMsg::EditOracleParams — with controllable parameters vote_period, vote_threshold, reward_band, whitelist, slash_fraction, slash_window, min_valid_per_window, twap_lookback_window, min_voters, and validator_fee_ratio

  • ExecuteMsg::AddMember — with controllable parameter address

  • ExecuteMsg::RemoveMember — with controllable parameter address

  • ExecuteMsg::ChangeAdmin — with controllable parameter address

Zellic © 2024Back to top ↑