Open code423n4 opened 3 years ago
Will add this
We already have this https://github.com/maple-labs/maple-core/blob/355141befa89c7623150a83b7d56a5f5820819e9/contracts/library/PoolLib.sol#L49 Sorry for the confusion.
Handle
0xRajeev
Vulnerability details
Impact
stakingFee+delegateFee should satisfy the constraint as indicated in the require statement of setStakingFee():
require(newStakingFee.add(delegateFee) <= 10_000, "Pool:INVALID_FEE");
But this check is missing in the constructor of Pool.sol, where it is expected that the contract is deployed with this constraint satisfied. An incorrect/accidental set of values will cause unexpected side effects in fee calculations.
Proof of Concept
https://github.com/maple-labs/maple-core/blob/355141befa89c7623150a83b7d56a5f5820819e9/contracts/Pool.sol#L118-L119
https://github.com/maple-labs/maple-core/blob/355141befa89c7623150a83b7d56a5f5820819e9/contracts/Pool.sol#L301-L306
Tools Used
Manual Analysis
Recommended Mitigation Steps
Add a similar check in the Pool.sol constructor.
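The recommended mitigation, sketched as an added example that is not maple-core's code: a hypothetical FeeConfig contract, written for Solidity ^0.8 rather than the SafeMath style quoted above, that routes both the constructor and setStakingFee() through one shared check. The contract name, the admin role, the FeeConfig:NOT_ADMIN string and the split() calculation are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration only: hypothetical contract, not maple-core's Pool.sol.
contract FeeConfig {
    // Fees are expressed in basis points; 10_000 = 100%.
    uint256 public constant MAX_TOTAL_FEE = 10_000;

    address public immutable admin;       // hypothetical stand-in for the privileged caller
    uint256 public immutable delegateFee; // fixed at deployment in this sketch
    uint256 public stakingFee;

    constructor(uint256 _stakingFee, uint256 _delegateFee) {
        // Enforce at deployment the same invariant the setter enforces later,
        // so the contract can never start life in an invalid fee state.
        _requireValidFees(_stakingFee, _delegateFee);
        admin = msg.sender;
        delegateFee = _delegateFee;
        stakingFee = _stakingFee;
    }

    function setStakingFee(uint256 newStakingFee) external {
        require(msg.sender == admin, "FeeConfig:NOT_ADMIN");
        _requireValidFees(newStakingFee, delegateFee);
        stakingFee = newStakingFee;
    }

    /// Hypothetical fee split (an assumption, not the project's calculation).
    /// With stakingFee + delegateFee <= 10_000 the two portions together
    /// never exceed `interest`, so the final subtraction cannot underflow.
    function split(uint256 interest)
        external
        view
        returns (uint256 toStakers, uint256 toDelegate, uint256 toPool)
    {
        toStakers = (interest * stakingFee) / MAX_TOTAL_FEE;
        toDelegate = (interest * delegateFee) / MAX_TOTAL_FEE;
        toPool = interest - toStakers - toDelegate;
    }

    // Single source of truth for the invariant; 0.8 checked arithmetic also
    // reverts if the addition itself overflows.
    function _requireValidFees(uint256 staking, uint256 delegate) private pure {
        require(staking + delegate <= MAX_TOTAL_FEE, "Pool:INVALID_FEE");
    }
}
```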