code-423n4 / 2021-12-yetifinance-findings


Assigned operations to constant variables #293

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

pauliax

Vulnerability details

Impact

Assigned operations to constant variables are re-evaluated every time:

    bytes32 private constant _PERMIT_TYPEHASH = keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");
    bytes32 private constant _TYPE_HASH = keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");

    uint constant public BORROWING_FEE_FLOOR = DECIMAL_PRECISION / 1000 * 5; // 0.5%
    uint constant public REDEMPTION_FEE_FLOOR = DECIMAL_PRECISION / 1000 * 5; // 0.5%

    uint constant public MAX_BORROWING_FEE = DECIMAL_PRECISION / 100 * 5; // 5%

    bytes32 private constant DOMAIN_SEPARATOR_SIGNATURE_HASH = keccak256("EIP712Domain(uint256 chainId,address verifyingContract)");

See https://github.com/ethereum/solidity/issues/9232

Recommended Mitigation Steps

Change from 'constant' to 'immutable'.

kingyetifinance commented 2 years ago

@LilYeti : Duplicate #175 but unique for BORROWING FEE FLOOR etc.