Closed code423n4 closed 2 years ago
https://github.com/code-423n4/2022-01-insure-findings/issues/229
Handle
pauliax
Vulnerability details
Impact
The owner can front-run insure and invoke setFeeRate, and set a huge _fee, for example, _fee = 100%.
A similar issue was submitted in a previous contest, you can find more details here: https://github.com/code-423n4/2021-05-nftx-findings/issues/51
Recommended Mitigation Steps
You can consider introducing an upper limit (e.g. 20%) for the _fee or adding delays when updates on parameters take effect.