Closed code423n4 closed 2 years ago
Fees are not paid by the user minting/burning; they are streaming fees meant to be accrued over time, so it is fine if mints in the same block do not all calculate fees.
Finding is invalid as the warden seems to imply that fees are taken from deposits, while as the sponsor says, fees are streamed to the owner (they are effectively paid via inflation / dilution)
Handle
goatbug
Vulnerability details
Impact
The fees system is broken. Anyone can easily pay zero fees.
Proof of Concept
Create a bundle of two txs to be mined in one block.
First tx calls mintTo with an extremely small amount; handleFees is called and, importantly, lastFee = block.timestamp;
Second tx, do your actual tx with your full amount.
uint256 timeDiff = (block.timestamp - lastFee);
timeDiff will be equal to 0.
It follows:
uint256 feePct = timeDiff * licenseFee / ONE_YEAR;
uint256 fee = startSupply * feePct / (BASE - feePct);
Fee = 0
and therefore no fees accrued by publisher or owner.
That everything else will also be
Tools Used
Recommended Mitigation Steps
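The sponsor's and judge's point about streaming fees, as an added Python model that is not part of the original submission or the protocol's code: it applies the formulas quoted in the report and compares a single mint with the dust-then-mint sequence in one block. Assumptions: `BASE` is 1e18, `ONE_YEAR` is 365 days, `licenseFee` is 1% per year, the fee is minted as new supply (per the judge's "inflation / dilution" wording), and the class and function names are hypothetical.

```python
# Model of the fee formulas quoted in the report. BASE, ONE_YEAR and the
# licenseFee value are assumptions; minting the fee as new supply follows
# the judge's "paid via inflation / dilution" description.
BASE = 10**18
ONE_YEAR = 365 * 24 * 3600
DAY = 24 * 3600


class BasketModel:
    def __init__(self, supply, license_fee, now):
        self.total_supply = supply
        self.license_fee = license_fee
        self.last_fee = now
        self.fees_minted = 0

    def handle_fees(self, now):
        """Accrue the streaming fee since last_fee; return the fee minted."""
        time_diff = now - self.last_fee
        fee_pct = time_diff * self.license_fee // ONE_YEAR
        fee = self.total_supply * fee_pct // (BASE - fee_pct)
        self.total_supply += fee  # dilution: the fee is newly minted supply
        self.fees_minted += fee
        self.last_fee = now
        return fee

    def mint_to(self, amount, now):
        fee = self.handle_fees(now)  # fees are settled before the mint
        self.total_supply += amount
        return fee


def single_mint():
    b = BasketModel(1000 * BASE, BASE // 100, now=0)
    at_mint = b.mint_to(100 * BASE, now=30 * DAY)
    later = b.handle_fees(now=60 * DAY)
    return at_mint, later


def dust_then_mint():
    b = BasketModel(1000 * BASE, BASE // 100, now=0)
    dust_fee = b.mint_to(1, now=30 * DAY)          # accrues the 30 days owed
    big_fee = b.mint_to(100 * BASE, now=30 * DAY)  # same block: timeDiff == 0
    later = b.handle_fees(now=60 * DAY)            # accrues on the enlarged supply
    return dust_fee, big_fee, later
```

In this model the second call in the block mints zero fee only because the first call already settled everything owed up to that timestamp, and the new deposit is diluted by every later accrual.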