[NAZ-M7] Value Range Validity for Fee Setter #591
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-377
satisfactory
satisfies C4 submission criteria; eligible for awards
Comments
code423n4
added
2 (Med Risk)
|
GalloDaSballo marked the issue as duplicate of #514 |
C4-Staff
added a commit
that referenced
this issue
Jan 6, 2023
|
GalloDaSballo marked the issue as duplicate of #377 |
|
GalloDaSballo marked the issue as satisfactory |
c4-judge
added
the
satisfactory
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/PairsContract.sol#L104
Vulnerability details
Impact
This function is used to update the fee multiplier per asset and doesn't have any checks to ensure that the variables being set is within some kind of value range.
Proof of Concept
If set poorly on accidentally or by a malicious owner this could be set to a high value and steal funds from users.
Tools Used
Manual Review
Recommended Mitigation Steps
Each variable input parameter updated should have it's own value range checks to ensure their validity otherwise it could cause increased issues for users.
The text was updated successfully, but these errors were encountered: