Function setFee can be called after fillOrder #211
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
duplicate: This issue or pull request already exists
Lines of code
https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L268
https://github.com/code-423n4/2022-06-putty/blob/3b6b844bc39e897bd0bbb69897f2deff12dc3893/contracts/src/PuttyV2.sol#L240
Vulnerability details
Impact
Function setFee can be called at any time, including after fillOrder has been called. This could be deemed unfair to the user in the Short Position, since they created the order at a particular point in time. The impact is that they may end up paying more fees than they expected when they call withdraw.
Proof of Concept
5 (i.e. 0.5%).
fillOrder is called on the order.
setFee increasing it to 30 (i.e. 3%)
withdraw (either when Call and Exercised, or when Put and not Exercised). They end up paying 3% in fees instead of 0.5%.
Recommended Mitigation Steps
Add a new mapping variable that records the fee at the time fillOrder is called.
Then make the following edits to fillOrder and withdraw.
Edit for function fillOrder:
Edit for function withdraw:
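The fee-snapshot mitigation recommended above, as an added sketch that is not PuttyV2 code and not the reporter's edits. The contract name, the feeAtFill and isFilled mappings, the two view functions and the reduction of an order to a hash plus a strike amount are assumptions; the divisor of 1000 follows from the report's 5 = 0.5% and 30 = 3%.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration, not PuttyV2 code: an order is reduced to a hash and a
// strike amount so that only the fee handling is visible.
contract FeeSnapshotSketch {
    address public immutable owner;
    uint256 public fee; // tenths of a percent: 5 = 0.5%, 30 = 3%

    // Assumed name: fee rate recorded for each order when it is filled.
    mapping(bytes32 => uint256) public feeAtFill;
    mapping(bytes32 => bool) public isFilled;

    constructor(uint256 initialFee) {
        owner = msg.sender;
        fee = initialFee;
    }

    function setFee(uint256 newFee) external {
        require(msg.sender == owner, "not owner");
        require(newFee <= 1000, "fee above 100%");
        fee = newFee; // with the snapshot, affects only orders filled later
    }

    function fillOrder(bytes32 orderHash) external {
        require(!isFilled[orderHash], "already filled");
        isFilled[orderHash] = true;
        feeAtFill[orderHash] = fee; // snapshot the rate in force at fill time
    }

    // Fee a withdraw would charge if it read the live rate (the reported behaviour).
    function feeAtCurrentRate(bytes32 orderHash, uint256 strike) external view returns (uint256) {
        require(isFilled[orderHash], "not filled");
        return (strike * fee) / 1000;
    }

    // Fee a withdraw would charge with the mitigation: the snapshot is used.
    function feeAtFillRate(bytes32 orderHash, uint256 strike) external view returns (uint256) {
        require(isFilled[orderHash], "not filled");
        return (strike * feeAtFill[orderHash]) / 1000;
    }
}
```

Deployed with an initial fee of 5, an order that is filled before setFee(30) keeps a feeAtFill of 5, so the two view functions diverge for that order while later fills pick up the new rate.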