code-423n4 / 2022-05-cally-findings

Upgraded Q -> M from 37 [1654474354289] #331

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Judge has assessed an item in Issue #37 as Medium risk. The relevant finding follows:

Missing sanity check in setFeeRate

There is no input validation in setFeeRate. A faulty payload could set the feeRate to a very high amount, which would cause problems when options are exercised:

- Loss of funds for vault creators if feeRate is near 1e18, as the funds are fully transferred to the protocol, or
- Buyers unable to exercise if feeRate is higher than 1e18, as the fee would be higher than msg.value.

Recommended Mitigation

Add sanity checks when setting feeRate, such as:

require(feeRate_ <= 3e17, "Fee must not be higher than 30%");
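The two failure modes in the finding, shown next to the bounded setter. This is an added example, not the Cally contract and not part of the original comment. `FeeModel`, `MAX_FEE_RATE`, `setFeeRateUnchecked`, `exercise` and the fee formula `msg.value * feeRate / 1e18` are assumptions inferred from the 1e18 scale the finding uses.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration; names and fee formula are assumptions, not Cally's code.
contract FeeModel {
    // 30% on a 1e18 == 100% scale: the bound proposed in the finding.
    uint256 public constant MAX_FEE_RATE = 3e17;

    address public immutable owner;
    uint256 public feeRate;
    uint256 public protocolFees;
    mapping(address => uint256) public creatorBalance;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Setter as the finding describes it: any value is accepted.
    function setFeeRateUnchecked(uint256 feeRate_) external onlyOwner {
        feeRate = feeRate_;
    }

    // Setter with the recommended sanity check.
    function setFeeRate(uint256 feeRate_) external onlyOwner {
        require(feeRate_ <= MAX_FEE_RATE, "Fee must not be higher than 30%");
        feeRate = feeRate_;
    }

    // Stand-in for the payment split performed when an option is exercised.
    //   feeRate == 1e18: fee == msg.value, so the creator is credited 0.
    //   feeRate >  1e18: fee >  msg.value, so the subtraction underflows and
    //                    the call reverts (checked arithmetic in 0.8.x).
    function exercise(address creator) external payable {
        uint256 fee = (msg.value * feeRate) / 1e18;
        protocolFees += fee;
        creatorBalance[creator] += msg.value - fee;
    }
}
```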

HardlyDifficult commented 2 years ago

Dupe of https://github.com/code-423n4/2022-05-cally-findings/issues/48