code-423n4 / 2022-02-aave-lens-findings


Fee amount too restrictive #21

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-02-aave-lens/blob/aaf6c116345f3647e11a35010f28e3b90e7b4862/contracts/core/modules/collect/FeeCollectModule.sol#L72

Vulnerability details

Impact

In the fee collect modules like FeeCollectModule, the initializePublicationCollectModule checks if the fee amount that each user needs to pay is at least >= BPS_MAX = 10_000. For certain currencies with fewer decimals, this is too restrictive. As an example, WBTC has 8 decimals and 10_000 WBTC would already be 1e4/1e8 * 50_000$ = 5$ per collect, which might be above what the publication owner wants to charge. Certain currencies can effectively not be used in the system.

Recommended Mitigation Steps

Consider removing the amount restrictions and just checking amount > 0.
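The arithmetic in this finding, as an added Python model (not code from the report or from the Lens contracts): it compares the smallest fee accepted by the `>= BPS_MAX` check with the recommended `> 0` check across token decimals. The USDC and DAI entries, the 1$ prices, and the `treasury_cut` formula (a basis-point share taken with integer division) are assumptions that do not appear on this page.

```python
from decimal import Decimal
from itertools import count

BPS_MAX = 10_000  # value stated in the finding

# Constructed sample data: symbol -> (decimals, assumed USD price).
# The WBTC figures are the ones used in the finding; the rest are illustrative.
TOKENS = {
    "WBTC": (8, Decimal("50000")),
    "USDC": (6, Decimal("1")),
    "DAI": (18, Decimal("1")),
}

def check_current(amount: int) -> bool:
    """Check as described in the finding: amount must be >= BPS_MAX."""
    return amount >= BPS_MAX

def check_recommended(amount: int) -> bool:
    """Check proposed under 'Recommended Mitigation Steps': amount > 0."""
    return amount > 0

def to_usd(amount: int, decimals: int, price: Decimal) -> Decimal:
    """Convert an amount in the token's smallest unit to USD."""
    return Decimal(amount) / (Decimal(10) ** decimals) * price

def min_fee_usd(symbol: str, check) -> Decimal:
    """USD value of the smallest amount (in base units) that `check` accepts."""
    decimals, price = TOKENS[symbol]
    smallest = next(a for a in count(1) if check(a))
    return to_usd(smallest, decimals, price)

def treasury_cut(amount: int, treasury_bps: int) -> int:
    """Assumed split: a bps share computed with truncating integer division."""
    return amount * treasury_bps // BPS_MAX

if __name__ == "__main__":
    for symbol in TOKENS:
        print(symbol,
              "floor with >= BPS_MAX:", min_fee_usd(symbol, check_current), "USD;",
              "floor with > 0:", min_fee_usd(symbol, check_recommended), "USD")
    # Caveat when relaxing the check: under the assumed split, amounts below
    # BPS_MAX can truncate the bps share to zero.
    print("cut on 100 units at 50 bps:", treasury_cut(100, 50))
    print("cut on BPS_MAX units at 50 bps:", treasury_cut(BPS_MAX, 50))
```

If a module takes a basis-point share in this way, relaxing the check to `amount > 0` should be paired with a decision on how a share that truncates to zero is handled.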

Zer0dot commented 2 years ago

Actually a good point!

Zer0dot commented 2 years ago

Duplicate of #46