We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
0xRajeev
borrowingFee not initialized (defaults to 0) at declaration and depends on setFee() for a non-zero acceptable value.
It is safer to initialize at declaration to a non-zero default otherwise borrowers can borrow for zero fees.
https://github.com/code-423n4/2021-05-yield/blob/e4c8491cd7bfa5dc1b59eb1b257161cd5bf8c6b0/contracts/LadleStorage.sol#L37
https://github.com/code-423n4/2021-05-yield/blob/e4c8491cd7bfa5dc1b59eb1b257161cd5bf8c6b0/contracts/Ladle.sol#L304
https://github.com/code-423n4/2021-05-yield/blob/e4c8491cd7bfa5dc1b59eb1b257161cd5bf8c6b0/contracts/Ladle.sol#L438
https://github.com/code-423n4/2021-05-yield/blob/e4c8491cd7bfa5dc1b59eb1b257161cd5bf8c6b0/contracts/Ladle.sol#L105-L112
Manual Analysis
The text was updated successfully, but these errors were encountered:
0xRajeev issue #47
5542f52
We intend to go live with zero fee borrowing.
Sorry, something went wrong.
No branches or pull requests
Handle
0xRajeev
Vulnerability details
Impact
borrowingFee not initialized (defaults to 0) at declaration and depends on setFee() for a non-zero acceptable value.
It is safer to initialize at declaration to a non-zero default otherwise borrowers can borrow for zero fees.
Proof of Concept
https://github.com/code-423n4/2021-05-yield/blob/e4c8491cd7bfa5dc1b59eb1b257161cd5bf8c6b0/contracts/LadleStorage.sol#L37
https://github.com/code-423n4/2021-05-yield/blob/e4c8491cd7bfa5dc1b59eb1b257161cd5bf8c6b0/contracts/Ladle.sol#L304
https://github.com/code-423n4/2021-05-yield/blob/e4c8491cd7bfa5dc1b59eb1b257161cd5bf8c6b0/contracts/Ladle.sol#L438
https://github.com/code-423n4/2021-05-yield/blob/e4c8491cd7bfa5dc1b59eb1b257161cd5bf8c6b0/contracts/Ladle.sol#L105-L112
Tools Used
Manual Analysis
Recommended Mitigation Steps
The text was updated successfully, but these errors were encountered: