function setBorrowFee emits HarvestFeeUpdated event. This event based on its name is for harvest fee and is also emitted in setHarvestFee. Because it has only one parameter of uint, there is no way for an external agent that fetches these events to know which fee was updated by just looking at the event.
Recommended Mitigation Steps
Consider introducing a separate event for the borrow fee.
Xuefeng-Zhu
commented
2 years ago
Handle
pauliax
Vulnerability details
Impact
function setBorrowFee emits HarvestFeeUpdated event. This event based on its name is for harvest fee and is also emitted in setHarvestFee. Because it has only one parameter of uint, there is no way for an external agent that fetches these events to know which fee was updated by just looking at the event.
Recommended Mitigation Steps
Consider introducing a separate event for the borrow fee.