The setFee function that begins on line 158 of updateFee sets the liquidity and transaction fee rates for the market in which the function is called. In this context, the transaction fee is the percentage of a transaction that is taken by the protocol and moved to a designated reserve account. As the name suggests, transaction fees factor into many of the essential transaction types performed within the system.
Handle
defsec
Vulnerability details
Impact
The updateFee function on line 158 of "https://github.com/code-423n4/2021-12-perennial/blob/fd7c38823833a51ae0c6ae3856a3d93a7309c0e4/protocol/contracts/factory/Factory.sol" does not enforce any upper or lower bounds on the fee. Values that are too large will cause reverts in several critical functions.
Proof of Concept
Tools Used
None
Recommended Mitigation Steps
Consider defining upper and lower bounds on the adjustGlobalParams function.
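The following sketch is an added example, not code from the Perennial repository. It places an unbounded fee setter next to a bounded one and shows how a consumer of the fee reverts once the stored value exceeds 100%. The contract name, function names other than updateFee, the 1e18 fixed-point scale and the 10% cap are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Illustrative sketch only: the names, the 1e18 fixed-point scale and
// MAX_FEE are assumptions, not taken from the Perennial code base.
contract BoundedFeeExample {
    uint256 public constant ONE = 1e18;       // 100% in 18-decimal fixed point
    uint256 public constant MAX_FEE = 0.1e18; // assumed cap of 10%

    address public immutable owner;
    uint256 public fee; // fraction of each transaction taken as fee

    error NotOwner();
    error FeeOutOfBounds(uint256 requested, uint256 max);
    event FeeUpdated(uint256 oldFee, uint256 newFee);

    constructor() {
        owner = msg.sender;
    }

    // Unbounded setter, as the finding describes: any value is accepted.
    function updateFeeUnchecked(uint256 newFee) external {
        if (msg.sender != owner) revert NotOwner();
        fee = newFee;
    }

    // Bounded setter: a bad value is rejected at configuration time.
    // The lower bound of an unsigned value is zero; a non-zero minimum
    // would need a second comparison here.
    function updateFee(uint256 newFee) external {
        if (msg.sender != owner) revert NotOwner();
        if (newFee > MAX_FEE) revert FeeOutOfBounds(newFee, MAX_FEE);
        emit FeeUpdated(fee, newFee);
        fee = newFee;
    }

    // Typical consumer of the fee. Once fee > ONE, feeAmount can exceed
    // amount, and the checked subtraction (Solidity >= 0.8) reverts for
    // every caller until the fee is corrected.
    function amountAfterFee(uint256 amount) external view returns (uint256) {
        uint256 feeAmount = (amount * fee) / ONE;
        return amount - feeAmount;
    }
}
```

Emitting an event on every change also gives monitoring a record of fee updates to alert on.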