transmissions11
commented
2 years ago this is intentional behavior, we dont always want to charge the largest fee, we want to charge the fee most relevant to the safe
Closed code423n4 closed 2 years ago
transmissions11
commented
2 years ago this is intentional behavior, we dont always want to charge the largest fee, we want to charge the fee most relevant to the safe
GalloDaSballo
commented
2 years ago While the observation is correct, there seems to be no vulnerability here. Because the logic for assigning fees is based on pertinence, and the warden didn't prove that the rule is broken, am going to mark the finding invalid
Lines of code
https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/modules/TurboClerk.sol#L106-L122 https://github.com/code-423n4/2022-02-tribe-turbo/blob/main/src/TurboSafe.sol#L266
Vulnerability details
Impact
May cause lower fees to be calculated
Proof of Concept
customFeePercentageForSafe= 100customFeePercentageForCollateral= 200slurpgets call which callsgetFeePercentageForSafeas part of its interest calculationgetFeePercentageForSafewill return 100 rather than 200 causing less fees to be calculated, accounted, and transferred to themasterTools Used
Manual analysis
Recommended Mitigation Steps
evaluate which is larger in
getFeePercentageForSafeand return the larger.