flashFee() missing multiplied by some exponent depending on the base token decimals. #369
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-864
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2023-04-caviar/blob/cd8a92667bcb6657f70657183769c244d04c015c/src/PrivatePool.sol#L750
Vulnerability details
Impact
flashFee()
missing multiplied by some exponent depending on the base token decimals.When execute
flashLoan()
fee will underchargedProof of Concept
When the
changeFeeQuote()
is calculated, it is performed multiplied by some exponent depending on the base token decimals.but in
flashFee()
only returnchangeFee
missing multiplied by some exponent depending on the base token decimals.
Tools Used
Recommended Mitigation Steps
The text was updated successfully, but these errors were encountered: