code-423n4 / 2022-01-insure-findings


Input validation not done in few important functions in Parameters.sol #243

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

Handle

hubble

Vulnerability details

Impact

Input validation is required for a few important parameters, as mentioned in the functions below.

Proof of Concept

File: Parameters.sol

line 120: function setUpperSlack(address _address, uint256 _target)
Need to check that the _target value is less than or equal to 100% (1000).

line 134: function setLowerSlack(address _address, uint256 _target)
Need to check that the _target value is less than or equal to the corresponding UpperSlack value.

line 177: function setFeeRate(address _address, uint256 _target)
Need to check that the _target value is less than or equal to 1e6 (1000000).

line 191: function setMaxList(address _address, uint256 _target)
Need to check that the _target value is greater than 1.

Tools Used

Manual review

Recommended Mitigation Steps

Add require statements with proper values and comments for the respective input fields, as given above.
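The shape of the recommended mitigation, as an added illustration that is not the InsureDAO Parameters.sol and not code from the reporter: a simplified contract with the same (address, uint256) setter signatures quoted in the issue. The storage layout, owner modifier, event and error strings are all assumptions. It adds the two bounds that are uncontested in this thread (fee rate capped at 1e6, maxList above 1) and deliberately leaves the two slack setters unbounded, because the maintainers explain below that upper slack may exceed 100% and that lower slack is measured in the opposite direction and is independent of upper slack.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical, simplified stand-in for the setters discussed in this issue.
/// It is NOT the project's Parameters.sol; storage layout, access control,
/// event and naming are assumptions made for illustration only.
contract ParametersExample {
    address public owner;

    // Per-address settings, matching the (address, uint256) setter signatures.
    mapping(address => uint256) public upperSlack; // 100% = 1000, per the issue
    mapping(address => uint256) public lowerSlack; // same scale, opposite direction
    mapping(address => uint256) public feeRate;    // 100% = 1e6, per the issue
    mapping(address => uint256) public maxList;

    uint256 public constant FEE_DENOMINATOR = 1e6;

    // Emitting every parameter change gives off-chain monitoring something
    // to alert on when a privileged setter is called with an unusual value.
    event ParameterSet(bytes32 indexed name, address indexed target, uint256 value);

    modifier onlyOwner() {
        require(msg.sender == owner, "ERROR: ONLY_OWNER");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    /// Fee rate is a fraction of 1e6; anything above that would charge >100%,
    /// so the bound from the issue is enforced with a require.
    function setFeeRate(address _address, uint256 _target) external onlyOwner {
        require(_target <= FEE_DENOMINATOR, "ERROR: FEE_RATE_ABOVE_100_PERCENT");
        feeRate[_address] = _target;
        emit ParameterSet("feeRate", _address, _target);
    }

    /// The issue asks for _target > 1; 0 and 1 are rejected as degenerate list sizes.
    function setMaxList(address _address, uint256 _target) external onlyOwner {
        require(_target > 1, "ERROR: MAX_LIST_TOO_SMALL");
        maxList[_address] = _target;
        emit ParameterSet("maxList", _address, _target);
    }

    /// Per the maintainers' comments, upper slack may be 100% (1000) or higher,
    /// so no upper bound is imposed; the change is still logged for auditability.
    function setUpperSlack(address _address, uint256 _target) external onlyOwner {
        upperSlack[_address] = _target;
        emit ParameterSet("upperSlack", _address, _target);
    }

    /// Lower slack applies below target leverage and upper slack above it, so
    /// the two are independent and lower slack is not compared to upper slack.
    function setLowerSlack(address _address, uint256 _target) external onlyOwner {
        lowerSlack[_address] = _target;
        emit ParameterSet("lowerSlack", _address, _target);
    }
}
```

The pattern worth keeping from this thread is that a bound in a require statement should come from the unit's own definition (a fraction of 1e6 cannot sensibly exceed 1e6), not from a guess about typical values; where the protocol's semantics allow a value above the "100%" mark, as with upper slack here, an event plus off-chain monitoring is the appropriate control rather than a hard-coded cap.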

0xkenta commented 2 years ago

setUpperSlack: "@param _target parameter (slack rate 100% = 1000)"
"Need to check that the _target value should be less than or equal to 100% (1000)"

But the test cases use 5000 etc. Can I update the test cases too?

oishun1112 commented 2 years ago

No, upperSlack can be 100% or even higher.

oishun1112 commented 2 years ago

So, we don't set an upper bound for setUpperSlack() and

0xkenta commented 2 years ago

OK, I have to study this protocol more. Thank you for your comment!

kohshiba commented 2 years ago

Upper slack and lower slack are set toward opposite directions.
Lower slack = set slack for below target leverage.
Upper slack = set slack for above target leverage.
So we don't need to limit lower slack to be smaller than upper slack.