Closed code423n4 closed 2 years ago
owner can set fee greater than 100%: https://github.com/code-423n4/2022-05-cally-findings/issues/48
Lines of code
https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L120
Vulnerability details
Impact
The feeRate does not have any upper or lower bounds. Values that are too large will lead to reversions in several critical functions or the platform user will lose all funds when paying the fee.
Proof of Concept
Tools Used
Code Review
Recommended Mitigation Steps
Consider defining upper and lower bounds on the feeRate variable.
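The recommended bound, sketched as an added example that is not taken from Cally.sol or from this report. The contract, its names, the 1e18 fee scale and the 10% cap are all assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Illustrative contract only: every name, the 1e18 scale and the 10% cap
/// are assumptions made for this example, not values from Cally.sol.
contract BoundedFeeExample {
    uint256 public constant FEE_SCALE = 1e18;      // 1e18 == 100% (assumed scale)
    uint256 public constant MAX_FEE_RATE = 0.1e18; // assumed policy cap: 10%

    address public immutable owner;
    uint256 public feeRate;
    uint256 public accruedFees;
    mapping(address => uint256) public balances;

    event FeeRateChanged(uint256 oldRate, uint256 newRate);

    error NotOwner();
    error FeeRateTooHigh(uint256 requested, uint256 maximum);

    constructor() {
        owner = msg.sender;
    }

    // Unbounded form, as the finding describes it: any value is stored.
    //   feeRate == FEE_SCALE -> fee == msg.value, the payee is credited 0
    //   feeRate >  FEE_SCALE -> fee >  msg.value, `msg.value - fee` reverts
    // function setFeeRate(uint256 newRate) external { feeRate = newRate; }

    /// Bounded form: reject anything above the cap before storing it.
    function setFeeRate(uint256 newRate) external {
        if (msg.sender != owner) revert NotOwner();
        if (newRate > MAX_FEE_RATE) revert FeeRateTooHigh(newRate, MAX_FEE_RATE);
        emit FeeRateChanged(feeRate, newRate);
        feeRate = newRate;
    }

    /// Fee-paying path: with the cap enforced, fee <= msg.value / 10, so the
    /// checked subtraction cannot underflow and the payee keeps >= 90%.
    function pay(address beneficiary) external payable {
        uint256 fee = (msg.value * feeRate) / FEE_SCALE;
        accruedFees += fee;
        balances[beneficiary] += msg.value - fee;
    }
}
```

Because feeRate is unsigned, zero is the implicit lower bound; a stricter minimum would be a second comparison in the same setter.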