code-423n4 / 2022-05-cally-findings


QA Report #276

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

1st issue: Wrong revert comment

In L169, the revert comment should be "Reserve strike too large"

2nd issue: Error in calculation of fee

While calculating the fee, in the block L282-L286, the calculation doesn't take smaller values of feeRate and vault.currentStrike into account, because when vault.currentStrike < 1e17 and feeRate == 1, the calculated fee becomes 0. So no fee is required while exercising options bought at that price and fee rate.

3rd issue: No max limit on fee

There is no max limit set on the fee rate, as seen in the setFee function (L119-L121). Due to this, a malicious owner can set a high feeRate and grief its users.

4th issue: Use of block.timestamp

block.timestamp can be manipulated by miners. https://github.com/code-423n4/2022-05-cally/blob/main/contracts/src/Cally.sol#L228
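The following contract is an added illustration of the 2nd and 3rd issues above; it is not Cally's code and nothing in it is taken from Cally.sol. It assumes a fee of the form strike * feeRate / 1e18 (the shape consistent with the report's numbers, where strike < 1e17 and feeRate == 1 gives 0) and an 18-decimal feeRate. The cap value MAX_FEE_RATE and all function names are hypothetical, chosen only to show the unbounded setter next to a bounded one and the truncating fee next to a round-up variant.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Hypothetical contract illustrating the fee rounding and unbounded fee
/// rate issues. Assumes fee = strike * feeRate / 1e18 with feeRate in
/// 18 decimals (1e18 == 100%). Not Cally's code.
contract FeeRounding {
    /// Assumed cap on the fee rate: 10%. Cally sets no such cap.
    uint256 public constant MAX_FEE_RATE = 0.1e18;

    uint256 public feeRate;
    address public owner;

    error NotOwner();
    error FeeTooHigh();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    /// Unbounded setter, as described in the 3rd issue: the owner may pick
    /// any value, including one above 100%, which would make every exercise
    /// revert or hand the whole strike to the protocol.
    function setFeeUnbounded(uint256 feeRate_) external onlyOwner {
        feeRate = feeRate_;
    }

    /// Bounded setter: rejects anything above MAX_FEE_RATE, so a malicious
    /// or compromised owner cannot grief users by confiscating the strike.
    function setFee(uint256 feeRate_) external onlyOwner {
        if (feeRate_ > MAX_FEE_RATE) revert FeeTooHigh();
        feeRate = feeRate_;
    }

    /// Truncating fee, as described in the 2nd issue: integer division rounds
    /// toward zero, so whenever strike * feeRate < 1e18 the fee is 0 and the
    /// option is exercised fee-free.
    function feeTruncating(uint256 strike) public view returns (uint256) {
        return (strike * feeRate) / 1e18;
    }

    /// Round-up variant: charges at least 1 wei whenever both strike and
    /// feeRate are non-zero, so dust-sized strikes or rates cannot bypass
    /// the fee. Over-charges by at most 1 wei relative to exact division.
    function feeRoundUp(uint256 strike) public view returns (uint256) {
        uint256 product = strike * feeRate;
        if (product == 0) return 0;
        return (product - 1) / 1e18 + 1;
    }
}
```

With feeRate == 1 and any strike below 1e17, feeTruncating returns 0 (the product is below 1e18, so integer division truncates to zero) while feeRoundUp returns 1. Whether to round the fee up is a design choice; the bounded setter, by contrast, is a straightforward fix for the griefing vector and is the part that was raised to medium severity.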

outdoteth commented 2 years ago

This can be bumped to medium severity: 3rd issue: No max limit on fee: https://github.com/code-423n4/2022-05-cally-findings/issues/48