Improper Upper Bound Definition on the Fee

[code423n4]

Handle

defsec

Vulnerability details

Impact

In the updateFee function on line 158 of "https://github.com/code-423n4/2021-12-perennial/blob/fd7c38823833a51ae0c6ae3856a3d93a7309c0e4/protocol/contracts/factory/Factory.sol", updateFee function does not have any upper or lower bounds. Values that are too large will lead to reversions in several critical functions.

Proof of Concept

• The setFee function that begins on line 158 of updateFee sets the liquidity and transaction fee rates for the market in which the function is called. In this context, the transaction fee is the percentage of a transaction that is taken by the protocol and moved to a designated reserve account. As the name suggests, transaction fees factor in to many of the essential transaction types performed within the system.
• Navigate to "https://github.com/code-423n4/2021-12-perennial/blob/fd7c38823833a51ae0c6ae3856a3d93a7309c0e4/protocol/contracts/factory/Factory.sol" contract and go to line #158.
• On the function there is no upper and lower bound defined. Therefore, users can pay higher fees.

Tools Used

None

Recommended Mitigation Steps

Consider to define upper and lower bounds on the adjustGlobalParams function.

[kbrizzle]

Duplicate of: https://github.com/code-423n4/2021-12-perennial-findings/issues/50

[GalloDaSballo]

Duplicate of: #50