Closed code423n4 closed 2 years ago
duplicate #167
Handle
ye0lde
Vulnerability details
Impact
The NatSpec comments for this function state that fees are calculated for a specific user, but the `_user` parameter is never read; the function performs a generic fee calculation that does not depend on the user at all.
Proof of Concept
The "specific user" comments are here: https://github.com/code-423n4/2021-11-nested/blob/f646002b692ca5fa3631acfff87dda897541cf41/contracts/NestedFactory.sol#L553-L554
The unused `_user` parameter and the generic fee calculation are here: https://github.com/code-423n4/2021-11-nested/blob/f646002b692ca5fa3631acfff87dda897541cf41/contracts/NestedFactory.sol#L557-L558
A literal is used for the 1% rate instead of a constant/immutable here: https://github.com/code-423n4/2021-11-nested/blob/f646002b692ca5fa3631acfff87dda897541cf41/contracts/NestedFactory.sol#L558
Tools Used
Visual Studio Code, Remix
Recommended Mitigation Steps
Correct the comments and remove the `_user` parameter if it is not needed.
If `_user` is reserved for future use, document why it exists and when it will be used.
Consider replacing the 1% literal with a named constant.
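The pattern the report describes, shown next to the mitigated form. This is an added illustration, not code from NestedFactory.sol or the Nested Finance repository; the contract and function names are hypothetical, and the 1% rate is taken from the report. The corrected version drops the unused parameter so the signature matches what the function actually does, and expresses the rate as a named basis-point constant so it is documented in one place.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Illustrative contract (not the project's code). Contrasts a fee helper
/// whose comment promises a per-user rate but ignores its `_user` argument
/// with a version whose signature and documentation match its behaviour.
contract FeeExample {
    /// Fee rate in basis points: 100 bps == 1% (rate assumed from the report).
    /// A named constant replaces the bare literal in the division below.
    uint256 public constant FEE_BPS = 100;
    uint256 public constant BPS_DENOMINATOR = 10_000;

    /// Pattern under review: NatSpec claims a user-specific fee, but `_user`
    /// is never read and the rate is an unexplained literal. The compiler
    /// emits an "unused function parameter" warning for `_user`.
    /// @param _user Ignored; kept here only to show the mismatch
    /// @param _amount Amount the fee is taken from
    /// @return Flat 1% fee, regardless of `_user`
    function calculateFeesBefore(address _user, uint256 _amount) public pure returns (uint256) {
        return _amount / 100;
    }

    /// Mitigated pattern: no user parameter because the rate is the same for
    /// everyone, and the rate is a named constant. Multiplying before dividing
    /// keeps precision if FEE_BPS is later changed to a value that is not a
    /// whole percent (e.g. 25 bps); Solidity 0.8 reverts on overflow of the
    /// intermediate product rather than wrapping.
    /// @param _amount Amount the fee is taken from
    /// @return Fee of FEE_BPS basis points of `_amount`
    function calculateFees(uint256 _amount) public pure returns (uint256) {
        return (_amount * FEE_BPS) / BPS_DENOMINATOR;
    }
}
```

If a per-user fee tier is genuinely planned, the parameter should either be wired into the calculation when that feature lands or, until then, be documented as reserved so that reviewers do not read the comment as describing behaviour the code lacks.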