code-423n4 / 2022-05-cally-findings

Owner of `Cally` may DOS the exercise of options by setting feeRate greater than 100% #251

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L119-L121
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L282-L289

Vulnerability details

Impact

The owner of the Cally contract may DOS the exercise of every option, allowing options to be sold that can never be exercised.

Proof of Concept

The owner of the Cally contract may set feeRate to an arbitrary value, including values in excess of 1e18 (i.e. more than 100%):

https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L119-L121

If feeRate > 1e18, the fee computed from it exceeds the amount it is deducted from, so the subtraction on L289 of the snippet linked below reverts under checked arithmetic, preventing any option from being exercised:

https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L282-L289

If the owner of the Cally contract has a conflict of interest, such as holding vaults whose options will soon become in-the-money, they can DOS the contract to prevent those options from being exercised until they have closed the vaults.

Recommended Mitigation Steps

Choose a sensible maximum platform fee (well below 100%) and revert if someone attempts to set feeRate above that value. This ensures that even if ownership of the Cally contract is compromised, all options continue to work as intended.
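The following is an added illustration, not code from Cally.sol: a minimal contract that models the fee path described above (fee = payment * feeRate / 1e18, then payment - fee credited to a beneficiary) with the unbounded setter beside the bounded one. The contract name, the functions, and the 10% cap (`MAX_FEE_RATE`) are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Illustrative contract (not Cally.sol). feeRate is scaled by 1e18, so
// 1e18 means 100%. exercise() deducts fee = msg.value * feeRate / 1e18
// and credits the remainder to the vault beneficiary.
contract FeeRateDemo {
    address public owner;
    uint256 public feeRate; // scaled by 1e18
    uint256 public protocolUnclaimedFees;
    mapping(address => uint256) public ethBalance;

    // Assumed cap for the example: 10%. A protocol would pick its own bound,
    // but it must be well below 1e18 (100%).
    uint256 public constant MAX_FEE_RATE = 1e17;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Vulnerable pattern: no upper bound. Setting 2e18 (200%) is accepted.
    function setFeeUnbounded(uint256 feeRate_) external onlyOwner {
        feeRate = feeRate_;
    }

    // Hardened pattern: any rate above the cap is rejected, so exercise()
    // below can never underflow even if the owner key is compromised.
    function setFee(uint256 feeRate_) external onlyOwner {
        require(feeRate_ <= MAX_FEE_RATE, "fee rate above maximum");
        feeRate = feeRate_;
    }

    // Models the shape of the exercise path. With feeRate > 1e18 the fee is
    // larger than msg.value, so `msg.value - fee` underflows and Solidity 0.8
    // checked arithmetic reverts with Panic(0x11): no option can be exercised
    // until the owner lowers the rate.
    function exercise(address beneficiary) external payable {
        uint256 fee = (msg.value * feeRate) / 1e18;
        protocolUnclaimedFees += fee;
        ethBalance[beneficiary] += msg.value - fee;
    }

    // Pure helper that exposes the same arithmetic for off-chain checks.
    function netAfterFee(uint256 amount, uint256 rate) public pure returns (uint256) {
        uint256 fee = (amount * rate) / 1e18;
        return amount - fee; // reverts when rate > 1e18
    }
}
```

To reproduce the DOS in Remix or a Foundry test: call `setFeeUnbounded(2e18)` as the owner, then `exercise(someAddress)` with 1 ether attached; the call reverts with an arithmetic panic. Repeat with `setFee(2e18)` and the setter itself reverts with "fee rate above maximum", so `exercise` keeps working at any rate the owner can actually set.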

outdoteth commented 2 years ago

owner can set fee greater than 100%: https://github.com/code-423n4/2022-05-cally-findings/issues/48