Judge has assessed an item in Issue #307 as Medium risk. The relevant finding follows:
(Low) feeRate can be modified for existing vaults
feeRate is a parameter that controls the fee applied on exercise. It can be set by the function:
function setFee(uint256 feeRate_) external onlyOwner {
feeRate = feeRate_;
}
So it can be changed by the owner at any time, changing also the fee payed by existing vaults.
Proof of concept
Alice is a trader looking for a delta neutral position on her NFTs. She opens a vault with strike 10 ETH and fee 0.5%. She's happy getting 9.95 ETH if the option is exercised. During the call lifetime the fee gets increased up to 1%. Now Alice will get 9.90 ETH, an amount which may bring her EV negative.
Recommendations
It's suggested to save feeRate into a vault struct during createVault or buyOption. This value can then be used during exercise instead of the global variable.
HardlyDifficult
commented
2 years ago
Judge has assessed an item in Issue #307 as Medium risk. The relevant finding follows:
(Low)
feeRatecan be modified for existing vaultsfeeRateis a parameter that controls the fee applied on exercise. It can be set by the function:So it can be changed by the owner at any time, changing also the fee payed by existing vaults.
Proof of concept
Alice is a trader looking for a delta neutral position on her NFTs. She opens a vault with strike 10 ETH and fee 0.5%. She's happy getting 9.95 ETH if the option is exercised. During the call lifetime the fee gets increased up to 1%. Now Alice will get 9.90 ETH, an amount which may bring her EV negative.
Recommendations
It's suggested to save
feeRateinto a vault struct duringcreateVaultorbuyOption. This value can then be used duringexerciseinstead of the global variable.