code-423n4 / 2022-05-cally-findings


Missing sanity check in setFeeRate #327

Closed HardlyDifficult closed 2 years ago

HardlyDifficult commented 2 years ago

From shenwilly in #37

Missing sanity check in setFeeRate

There is no input validation in setFeeRate. A faulty payload could set the feeRate to a very high amount, which would cause problems when options are exercised:

- Loss of funds for vault creators if feeRate is near 1e18, as the funds are fully transferred to the protocol, or
- Buyers unable to exercise if feeRate is higher than 1e18, as the fee would be higher than msg.value.

Recommended Mitigation

Add sanity checks when setting feeRate, such as:

require(feeRate_ <= 3e17, "Fee must not be higher than 30%");
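As an added illustration (not Cally's code and not part of the thread), a minimal Solidity sketch of the bounded setter next to an exercise path that shows why the bound matters; the 1e18 scale, the 30% cap, and the fee split on msg.value are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract, not the Cally implementation. It pairs the bounded
// setFeeRate from the finding with an exercise path that splits msg.value.
contract FeeRateExample {
    uint256 public constant MAX_FEE_RATE = 3e17; // 30%, scaled by 1e18 (assumed scale)
    address public owner;
    address public protocolTreasury;
    uint256 public feeRate; // fraction of msg.value taken as protocol fee; 1e18 == 100%

    constructor(address treasury_) {
        owner = msg.sender;
        protocolTreasury = treasury_;
    }

    // Unchecked form described in the finding (any value accepted):
    // function setFeeRate(uint256 feeRate_) external { feeRate = feeRate_; }

    // Bounded form: a rate near 1e18 would send the whole payment to the
    // protocol, and a rate above 1e18 would make splitPayment revert.
    function setFeeRate(uint256 feeRate_) external {
        require(msg.sender == owner, "not owner");
        require(feeRate_ <= MAX_FEE_RATE, "Fee must not be higher than 30%");
        feeRate = feeRate_;
    }

    // View helper so the split can be checked off-chain before exercising.
    function splitPayment(uint256 amount) public view returns (uint256 fee, uint256 toCreator) {
        fee = (amount * feeRate) / 1e18;
        // With an unbounded feeRate > 1e18, fee > amount and this underflow
        // reverts under 0.8 checked arithmetic: buyers cannot exercise.
        toCreator = amount - fee;
    }

    // Buyer pays msg.value; protocol takes feeRate of it, vault creator gets the rest.
    function exercise(address payable vaultCreator) external payable {
        (uint256 fee, uint256 toCreator) = splitPayment(msg.value);
        (bool okFee, ) = protocolTreasury.call{value: fee}("");
        require(okFee, "fee transfer failed");
        (bool okCreator, ) = vaultCreator.call{value: toCreator}("");
        require(okCreator, "creator transfer failed");
    }
}
```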

HardlyDifficult commented 2 years ago

Dupe of https://github.com/code-423n4/2022-05-cally-findings/issues/48

JeeberC4 commented 2 years ago

Issue recreated with script that includes all required data.