search

Cyfrin / 2023-07-beedle

18 stars 18 forks source link

Lack of access control on `Fees::sellProfits` can lead to tokens being swapped at unwanted marked conditions #1214

Open codehawks-bot opened 1 year ago

codehawks-bot commented 1 year ago

Lack of access control on Fees::sellProfits can lead to tokens being swapped at unwanted marked conditions

Severity

Medium Risk

Relevant GitHub Links

https://github.com/Cyfrin/2023-07-beedle/blob/658e046bda8b010a5b82d2d85e824f3823602d27/src/Fees.sol#L26-L44

Summary

Any user can call Fees::sellProfits at any given time. This can be used to grief the protocol, by calling the function for a loan token that is currently trading at an unfavorable price.

Vulnerability Details

Let's take an example:

One of the loan tokens that the Fees contract currently holds is USDC. At some point USDC depegs to a price of lets say, 0.90 USD. At that point, the protocol owners probablly won't want to sell the accumulated USDC fees, until it reaches 1 : 1 ratio with USD again, since the ETH price of USDC will also drop inside the Uniswap pair. However, a mallicios user can come in and call the sellProfits function for USDC, leading to the protocol loosing ~ 0.10 USD per each USDC.

Impact

The protocol will sell its accumulated fees at lower prices, in turn, accumulating losses.

Tools Used

Manual review

Recommendations

Add access control to the Fees::sellProfits function.

PatrickAlphaC commented 1 year ago

This is intended functionality at the moment.

PatrickAlphaC commented 1 year ago

Reopening and validating from escalations