search

code-423n4 / 2022-05-alchemix-findings

5 stars 2 forks source link

Free Flash fee due to zero value check in AlchemicTokenV2Base.sol #208

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/AlchemicTokenV2Base.sol#L98

Vulnerability details

Impact

Since there is no zero check for the newFee parameter in AlchemicTokenV2Base.setFlashFee() , an admin may mistakenly set the FlashMintFee to zero and allow flash minting cost to be free as well as get a flashloan at zero fee

Proof of Concept

https://github.com/code-423n4/2022-05-alchemix/blob/main/contracts-full/AlchemicTokenV2Base.sol#L98

  1. Admin sets value of newFee parameter in setFlashFee() to 0
  2. This automatically returns the value 0 for flashfee()
  3. fee for flashLoan() is also automatically set to 0

Above allows flash loans for free.

Tools Used

Manual review

Recommended Mitigation Steps

add a require check for newFee parameter.

0xfoobar commented 2 years ago

Sponsor disputed

This is a perfectly reasonable governance action to take.

0xleastwood commented 2 years ago

Same as #210