Unconstrained Fees #76
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-377
satisfactory
satisfies C4 submission criteria; eligible for awards
Comments
code423n4
added
2 (Med Risk)
|
Duplicate of #15 |
|
GalloDaSballo marked the issue as duplicate of #514 |
|
GalloDaSballo marked the issue as duplicate of #377 |
|
GalloDaSballo marked the issue as satisfactory |
c4-judge
added
the
satisfactory
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Trading.sol#L952-L969
Vulnerability details
Impact
An admin may set unconstrained fees for opening and closing trades in the
Trading.solsmart contract, in thesetFeesfunction.An admin mistakenly (or deliberately, maliciously) might add a fee that is very large, which will lead to users loosing money using the trading platform, also the admin might set a fee higher than 100% which will make the trading contract unusable since transactions will be reverted.
Proof of Concept
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Trading.sol#L952-L969
Tools Used
Manual Review
Recommended Mitigation Steps
Add relevant checks and constrains before setting the fees, especially dao and burn fees.
The text was updated successfully, but these errors were encountered: