code-423n4 / 2021-05-yield-findings

0 stars 0 forks source link

borrowingFee is not initialized #47

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

0xRajeev

Vulnerability details

Impact

borrowingFee not initialized (defaults to 0) at declaration and depends on setFee() for a non-zero acceptable value.

It is safer to initialize at declaration to a non-zero default otherwise borrowers can borrow for zero fees.

Proof of Concept

https://github.com/code-423n4/2021-05-yield/blob/e4c8491cd7bfa5dc1b59eb1b257161cd5bf8c6b0/contracts/LadleStorage.sol#L37

https://github.com/code-423n4/2021-05-yield/blob/e4c8491cd7bfa5dc1b59eb1b257161cd5bf8c6b0/contracts/Ladle.sol#L304

https://github.com/code-423n4/2021-05-yield/blob/e4c8491cd7bfa5dc1b59eb1b257161cd5bf8c6b0/contracts/Ladle.sol#L438

https://github.com/code-423n4/2021-05-yield/blob/e4c8491cd7bfa5dc1b59eb1b257161cd5bf8c6b0/contracts/Ladle.sol#L105-L112

Tools Used

Manual Analysis

Recommended Mitigation Steps

Initialize borrowingFee at declaration to a non-zero default
Add a threshold check for the same in setFee()

alcueca commented 3 years ago

We intend to go live with zero fee borrowing.