code-423n4 / 2021-11-yaxis-findings


Wrong event emitted during setBorrowFee function call #122

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

hubble

Vulnerability details

Impact

Systems like index servers depend on events to maintain their state. Missing or overlapping events can cause such systems to have the wrong state.

Proof of Concept

File: contracts/v3/alchemix/Alchemist.sol

```solidity
292  function setBorrowFee(uint256 _borrowFee) external onlyGov {
       // Check that the borrow fee is within the acceptable range. Setting the borrow fee greater than 100% could
       // potentially break internal logic when calculating the borrow fee.
       require(_borrowFee <= PERCENT_RESOLUTION, 'Alchemist: borrow fee above maximum.');

       ...
       borrowFee = _borrowFee;

299    emit HarvestFeeUpdated(_borrowFee);
     }
```

Bug at line 299.

Tools Used

Manual review

Recommended Mitigation Steps

  1. Add a new event at the top:

```solidity
event BorrowFeeUpdated(uint256 fee);
```

  2. Update function setBorrowFee at line 299:

```solidity
292  function setBorrowFee(uint256 _borrowFee) external onlyGov {
       // Check that the borrow fee is within the acceptable range. Setting the borrow fee greater than 100% could
       // potentially break internal logic when calculating the borrow fee.
       require(_borrowFee <= PERCENT_RESOLUTION, 'Alchemist: borrow fee above maximum.');

       ...
       borrowFee = _borrowFee;

299    emit BorrowFeeUpdated(_borrowFee);
     }
```
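The mismatch reported above can be caught mechanically before deployment. The lint check below is an added example, not part of the original report or the yAxis code base. It assumes the naming convention that a `setX` function emits an event whose name starts with `X`, and the `setHarvestFee` function in the sample is constructed for contrast.

```python
import re

# Constructed sample: setBorrowFee as quoted in the report, next to a hypothetical
# setHarvestFee that is wired correctly. Not the project's full source.
SAMPLE = """
contract Alchemist {
    event HarvestFeeUpdated(uint256 fee);

    function setHarvestFee(uint256 _harvestFee) external onlyGov {
        harvestFee = _harvestFee;
        emit HarvestFeeUpdated(_harvestFee);
    }

    function setBorrowFee(uint256 _borrowFee) external onlyGov {
        require(_borrowFee <= PERCENT_RESOLUTION, 'Alchemist: borrow fee above maximum.');
        borrowFee = _borrowFee;
        emit HarvestFeeUpdated(_borrowFee);
    }
}
"""

# Comments and string literals, removed first so braces inside them are ignored.
NOISE = re.compile(r"//[^\n]*|/\*.*?\*/|'(?:\\.|[^'\\\n])*'|\"(?:\\.|[^\"\\\n])*\"", re.S)
SETTER = re.compile(r"\bfunction\s+set([A-Z]\w*)\s*\(")
EMIT = re.compile(r"\bemit\s+(\w+)\s*\(")

def function_body(src, start):
    """Text between the outer braces of the function whose parameter list starts at `start`."""
    open_at, semi = src.find("{", start), src.find(";", start)
    if open_at == -1 or (semi != -1 and semi < open_at):
        return ""  # declaration without a body (interface or abstract function)
    depth = 0
    for i in range(open_at, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_at + 1:i]
    return src[open_at + 1:]  # unbalanced input: return what is there

def mismatched_setter_events(source):
    """List (setter, emitted_events) for setters that emit no event named after their subject."""
    src = NOISE.sub(" ", source)
    findings = []
    for m in SETTER.finditer(src):
        subject = m.group(1)  # "BorrowFee" for setBorrowFee
        events = EMIT.findall(function_body(src, m.end()))
        if not any(e.lower().startswith(subject.lower()) for e in events):
            findings.append(("set" + subject, events))
    return findings

if __name__ == "__main__":
    for setter, events in mismatched_setter_events(SAMPLE):
        print(f"{setter}: emits {events or 'no event'}, expected an event named after the setter")
```

A setter that emits nothing is reported with an empty event list, which covers the missing-event case named under Impact as well as the wrong-event case.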

Xuefeng-Zhu commented 2 years ago

https://github.com/code-423n4/2021-11-yaxis-findings/issues/7