Lines of code
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L119-L121
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L282-L289
Vulnerability details
Impact
The owner of the Cally contract may DOS exercising any options, allowing options to be sold which will never be redeemable.
Proof of Concept
The owner of the Cally contract may set feeRate to arbitrary values, including in excess of 1e18:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L119-L121
If feeRate > 1e18 then L289 in the snippet linked below will revert, preventing any options from being exercised:
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L282-L289
In the case where the owner of the Cally contract has a conflict of interest, such as holding vaults for which options will soon become in-the-money, they can DOS to prevent these from being exercised until they can close those vaults.
Recommended Mitigation Steps
Choose a sensible maximum platform fee (well below 100%) and revert if someone attempts to set it above that value. This will ensure that even in the case of compromised ownership over the Cally contract all options will work as intended.
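One way to apply the recommended cap, as an added sketch that is not taken from the Cally source. The contract name, MAX_FEE_RATE, its 10% value, setFeeRate, payStrike and the shape of the fee split are assumptions made for illustration; only feeRate and the 1e18 scale come from the report. It also assumes the revert at L289 is a checked-arithmetic underflow when the fee exceeds the payment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Illustrative only: a minimal fee holder showing a capped setter.
/// Every name except `feeRate` is hypothetical.
contract FeeCapSketch {
    uint256 public constant FEE_DENOMINATOR = 1e18; // 1e18 represents 100%
    uint256 public constant MAX_FEE_RATE = 1e17;    // assumed cap: 10%

    address public immutable owner;
    uint256 public feeRate;
    uint256 public protocolUnclaimedFees;
    mapping(address => uint256) public ethBalance;

    error NotOwner();
    error FeeTooHigh(uint256 requested, uint256 maximum);

    constructor() {
        owner = msg.sender;
    }

    /// Capped setter: a compromised or conflicted owner cannot push
    /// the rate to a value that breaks the payment split below.
    function setFeeRate(uint256 feeRate_) external {
        if (msg.sender != owner) revert NotOwner();
        if (feeRate_ > MAX_FEE_RATE) revert FeeTooHigh(feeRate_, MAX_FEE_RATE);
        feeRate = feeRate_;
    }

    /// Stand-in for the payment split performed when an option is
    /// exercised (assumed shape, not the project's function).
    function payStrike(address beneficiary) external payable {
        uint256 fee = (msg.value * feeRate) / FEE_DENOMINATOR;
        protocolUnclaimedFees += fee;
        // Because feeRate <= MAX_FEE_RATE < 1e18, fee <= msg.value,
        // so this checked subtraction cannot underflow and revert.
        // Without the cap, feeRate > 1e18 makes fee > msg.value and
        // every call reverts here.
        ethBalance[beneficiary] += msg.value - fee;
    }
}
```

Declaring the cap as a constant rather than an owner-settable variable matters here: a cap the owner can raise gives no protection in the compromised-ownership case the report describes.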