code-423n4 / 2022-04-badger-citadel-findings

0 stars 1 forks source link

minDiscound can be greater than maxDiscount #147

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-04-badger-citadel/blob/main/src/Funding.sol#L356

Vulnerability details

In the function setDiscountLimits, there are no checks on _minDiscount, therefore it can be greater than _maxDiscount, and even greater than MAX_BPS.

Recommended Mitigation Steps

add:

require(_minDiscount <= _maxDiscount);

GalloDaSballo commented 2 years ago

Agree, also dup

jack-the-pug commented 2 years ago

Will downgrade to QA. It requires admin's misbehave and the only impact is: need send another transaction to set it correctly.