Fee in Cally.setFee() should be upper-bounded

code-423n4 / 2022-05-cally-findings

2 stars 0 forks source link

Fee in Cally.setFee() should be upper-bounded #314

Closed HardlyDifficult closed 2 years ago

HardlyDifficult commented 2 years ago

From BowTiedWardens in https://github.com/code-423n4/2022-05-cally-findings/issues/190

[L-02] Fee in Cally.setFee() should be upper-bounded A malicious owner or owner account compromise can set the fee very high, up to 100%, siphoning all profits from the protocol.

Consider implementing a reasonable upper limit here:

File: Cally.sol 119: function setFee(uint256 feeRate) external onlyOwner { 120: feeRate = feeRate; 121: }

HardlyDifficult commented 2 years ago

Dupe of https://github.com/code-423n4/2022-05-cally-findings/issues/48

JeeberC4 commented 2 years ago

Issue recreated with script that includes all required data.