Closed code423n4 closed 2 years ago
I see this more as a documentation issue; my preference would be to avoid using magic numbers and just have people set fees to 1 wei (will get rounded to 0 in practice).
Disputing severity to level 0 non-critical
First of all, I want to commend the warden for the thorough work.
That said, ultimately the impact for this finding is minimal as the sponsor will have to use 1 instead of 0 to represent no fees.
Perhaps using a struct (bool, uint16) to mark percentages in BPS may be a solution that uses the same amount of storage slots.
That said, because the impact is minimal but the warden was able to find a valid exception to the ordinary flow of the logic, I believe Low Severity to be appropriate.
Because this is the only Low Severity finding from the warden, I'm going to be judging it as a separate QA Report from them.
Lines of code
https://github.com/code-423n4/2022-02-tribe-turbo/blob/66f27fe51083f49f7935e3fe594ab2380b75dee8/src/modules/TurboClerk.sol#L106-L121
Vulnerability details
https://github.com/code-423n4/2022-02-tribe-turbo/blob/66f27fe51083f49f7935e3fe594ab2380b75dee8/src/modules/TurboClerk.sol#L106-L121
Per the comment:
However, in getFeePercentageForSafe(), when customFeePercentageForSafe or customFeePercentageForCollateral is 0, it's considered as not set yet, which will then fall back to the default. This can result in the fees being mischarged.
PoC
defaultFeePercentage = 1E17 (10%)
safe1's customFeePercentageForSafe = 0 (0%)
safe1 earned 1,000 USDC and slurp():
Expected Results: Zero fee charged;
Actual Results: Charged for a 100 USDC fee.
Recommendation
Consider using type(uint256).max instead of 0 to represent 0%:
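The ambiguity the finding describes, and the sentinel it recommends, shown side by side in an added illustration that is not TurboClerk's own code: the contract name, the FEE_SCALE and ZERO_FEE constants, the feeOn and setCustomFee helpers, and the two lookup functions are assumptions made for this example; only the storage names and the 1E17-scaled percentages mirror the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical contract (not TurboClerk): a minimal per-safe fee lookup that
/// reproduces the "0 means unset" collision and a variant that gives "0% fee"
/// its own sentinel value so the two states no longer overlap.
contract FeeLookupExample {
    // Percentages are 1e18-scaled, matching the finding's 1E17 == 10%.
    uint256 public constant FEE_SCALE = 1e18;

    // Assumed sentinel for "custom fee explicitly set to 0%", per the recommendation.
    uint256 public constant ZERO_FEE = type(uint256).max;

    uint256 public defaultFeePercentage = 1e17; // 10%
    mapping(address => uint256) public customFeePercentageForSafe;

    /// Vulnerable form: a custom fee of 0 is indistinguishable from "no custom fee",
    /// so a safe meant to pay nothing silently falls back to the default percentage.
    function getFeePercentageForSafeVulnerable(address safe) public view returns (uint256) {
        uint256 custom = customFeePercentageForSafe[safe];
        if (custom != 0) return custom;
        return defaultFeePercentage;
    }

    /// Hardened form: 0 keeps meaning "unset", and ZERO_FEE is the explicit waiver,
    /// so the fallback only triggers when no custom value was ever written.
    function getFeePercentageForSafeFixed(address safe) public view returns (uint256) {
        uint256 custom = customFeePercentageForSafe[safe];
        if (custom == ZERO_FEE) return 0;   // explicitly waived
        if (custom != 0) return custom;     // explicitly set
        return defaultFeePercentage;        // genuinely unset
    }

    /// Fee taken on `earned` (e.g. 1_000e6 for 1,000 USDC with 6 decimals),
    /// using either lookup so the two behaviours can be compared on the same input.
    function feeOn(address safe, uint256 earned, bool useFixedLookup) external view returns (uint256) {
        uint256 pct = useFixedLookup
            ? getFeePercentageForSafeFixed(safe)
            : getFeePercentageForSafeVulnerable(safe);
        return earned * pct / FEE_SCALE;
    }

    /// Setter without access control, kept minimal for the illustration only;
    /// a real module would restrict this to its authority/owner.
    function setCustomFee(address safe, uint256 pct) external {
        customFeePercentageForSafe[safe] = pct;
    }
}
```

With the PoC numbers (default 1e17, a safe whose custom fee is written as 0, and earned = 1_000e6) the vulnerable lookup yields 1_000e6 * 1e17 / 1e18 = 100e6, i.e. the 100 USDC fee the finding reports; writing ZERO_FEE instead and using the fixed lookup yields 0. The cost of the sentinel is that every reader of customFeePercentageForSafe must know about it, which is why the judge's alternative of a (bool, uint16) pair in BPS, or the sponsor's "set 1 wei" convention, are worth weighing against it.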