code-423n4 / 2021-07-sherlock-findings

`activateCooldownFee` can be more than 100% #113

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

cmichel

Vulnerability details

Docs about PoolStorage.activateCooldownFee say:

```
// Variable used to calculate the fee when activating the cooldown
// Max value is uint32(-1) which creates a 100% fee on the withdrawal
```

But PoolBase.setCooldownFee does not have a max value check of uint32(-1). It should be added to reduce trust in governance.

Evert0x commented 3 years ago

It is stored in a uint32 so the maximum value can be uint32(-1), right?

Evert0x commented 3 years ago

#28

ghoul-sol commented 3 years ago

duplicate of #28 so invalid