The function handleFees() will revert if feePct >BASE
==> feePct = timeDiff licenseFee / ONE_YEAR;
==> BASE < timeDiff licenseFee / ONE_YEAR;
==> licenseFee > BASE * ONE_YEAR / timeDiff
So licenseFee should have a maximum value to prevent this.
Probably there is also a reasonable upperlimit to licenseFee the let the protocol function properly.
Handle
gpersoon
Vulnerability details
Impact
The function handleFees() will revert if feePct >BASE ==> feePct = timeDiff licenseFee / ONE_YEAR; ==> BASE < timeDiff licenseFee / ONE_YEAR; ==> licenseFee > BASE * ONE_YEAR / timeDiff So licenseFee should have a maximum value to prevent this. Probably there is also a reasonable upperlimit to licenseFee the let the protocol function properly.
Proof of Concept
https://github.com/code-423n4/2021-09-defiProtocol/blob/main/contracts/contracts/Basket.sol#L110 function handleFees() private { .. uint256 timeDiff = (block.timestamp - lastFee); uint256 feePct = timeDiff licenseFee / ONE_YEAR; uint256 fee = startSupply feePct / (BASE - feePct); // will revert if feePct > BASE
Tools Used
Recommended Mitigation Steps
Define an upperlimit for licenseFee Enforce this in the function proposeBasketLicense() of Factory.sol