code-423n4 / 2022-05-cally-findings


Improper Upper Bound Definition on the Fee #275

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L120

Vulnerability details

Impact

The feeRate does not have any upper or lower bounds. Values that are too large will lead to reversions in several critical functions, or the platform user will lose all funds when paying the fee.

Proof of Concept

  1. Navigate to the following contract: https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L120

Tools Used

Code Review

Recommended Mitigation Steps

Consider defining upper and lower bounds on the feeRate variable.
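The unbounded setter beside a bounded one, as an added illustration that is not Cally's code: it assumes feeRate is a fraction of the premium scaled to 1e18 (so 1e18 is 100%) and a hypothetical 10% cap; Cally's actual scaling and the cap it should adopt are up to the project.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical illustration, not Cally's code. Assumes feeRate is a fraction of
// the premium scaled to 1e18 (1e18 == 100%); Cally's real scaling may differ.
contract BoundedFeeExample {
    uint256 public constant ONE = 1e18;
    // Assumed policy cap: 10% of the premium. The exact cap is a design choice.
    uint256 public constant MAX_FEE_RATE = 0.1e18;

    address public owner;
    uint256 public feeRate;
    uint256 public protocolUnclaimedFees;

    constructor() { owner = msg.sender; }

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    // Vulnerable form: any value is accepted, including rates above 100% (> ONE).
    function setFeeUnbounded(uint256 newFeeRate) external onlyOwner {
        feeRate = newFeeRate;
    }

    // Hardened form: anything above the documented cap is rejected at the source,
    // so the fee can never reach 100% (user loses the whole premium) or exceed it.
    function setFee(uint256 newFeeRate) external onlyOwner {
        require(newFeeRate <= MAX_FEE_RATE, "fee exceeds cap");
        feeRate = newFeeRate;
    }

    // Splits a premium between the protocol and the vault owner. With feeRate
    // above ONE, `fee` exceeds `premium` and the subtraction reverts under 0.8
    // checked arithmetic, so every path that settles a premium is blocked; with
    // feeRate exactly ONE, the payer receives nothing.
    function splitPremium(uint256 premium) public returns (uint256 toVaultOwner) {
        uint256 fee = (premium * feeRate) / ONE;
        protocolUnclaimedFees += fee;
        toVaultOwner = premium - fee; // reverts when fee > premium
    }
}
```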

outdoteth commented 2 years ago

owner can set fee greater than 100%: https://github.com/code-423n4/2022-05-cally-findings/issues/48