code-423n4 / 2021-11-nested-findings


calculateFees Issues (NestedFactory.sol) #194

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

ye0lde

Vulnerability details

Impact

The comments for this function state that fees are calculated for a specific user. But the "user" parameter is not used and there is just a generic fee calculation.

Proof of Concept

The "specific user" comments are here: https://github.com/code-423n4/2021-11-nested/blob/f646002b692ca5fa3631acfff87dda897541cf41/contracts/NestedFactory.sol#L553-L554

The unused "_user" parameter and generic fee calculation are here: https://github.com/code-423n4/2021-11-nested/blob/f646002b692ca5fa3631acfff87dda897541cf41/contracts/NestedFactory.sol#L557-L558

Literal instead of constant/immutable for 1% used here: https://github.com/code-423n4/2021-11-nested/blob/f646002b692ca5fa3631acfff87dda897541cf41/contracts/NestedFactory.sol#L558

Tools Used

Visual Studio Code, Remix

Recommended Mitigation Steps

Correct the comments and remove the "_user" parameter if it is not needed.

Or if "_user" will be used in the future, provide comments about why and when it will be in use.

Consider using a constant for 1%.

adrien-supizet commented 2 years ago

duplicate #167