Rugpull vector : Fee can be frontrunned to 100%. It can also be set to more than 100%. In that case substraction underflow and revert. Funds will be locked in the pool.
Proof of Concept
There is no limit to the fee which can be set to any percentage. This happens both in the market and in the withrawal fee for pools.
HickupHH3
commented
2 years ago
Lines of code
https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/rubiconPools/BathToken.sol#L261 https://github.com/code-423n4/2022-05-rubicon/blob/8c312a63a91193c6a192a9aab44ff980fbfd7741/contracts/RubiconMarket.sol#L1232
Vulnerability details
Impact
Rugpull vector : Fee can be frontrunned to 100%. It can also be set to more than 100%. In that case substraction underflow and revert. Funds will be locked in the pool.
Proof of Concept
There is no limit to the fee which can be set to any percentage. This happens both in the market and in the withrawal fee for pools.
Recommended Mitigation Steps
Add a maximum fee