Low/QA
Missing Event on Important/State Changes Function
Description
Important or state-changing functions should emit events upon successful execution so that the changes can be tracked off-chain.
Permalinks
Mitigation
An event should be emitted whenever a critical function is called, for security and off-chain monitoring purposes.
Missing Zero-address Validation
Description
The NFT transfer function can be called with address zero (0x00...00) as the destination. This might cause unexpected behavior or an unintentional burn.
Permalinks
Mitigation
It is recommended to validate that the destination address is not address zero, to prevent an unintentional burn.
PROTOCOL_FEE_BPS Can Be Set To 100% or Above
Description
There is no upper bound on the value of PROTOCOL_FEE_BPS, which might result in a fee rate of 100%, meaning the protocol will collect the entire trading amount. Additionally, it can be set higher than 10000 (100%), which will result in a Denial of Service because the fee arithmetic overflows and reverts.
Permalinks
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L1266-1269
Mitigation
It is recommended to determine how high the fee can be at maximum and add the validation to ensure that the fee cannot be set higher than the maximum value.
Tautology Require Statement
Description
The reported require statement validates a tautology, a condition that will always be true. Since the default value of uint in Solidity is 0, a condition such as >= 0 will always be true in any circumstance.
Permalinks
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/staking/InfinityStaker.sol#L193
Mitigation
The condition can be changed from >= 0 to > 0.
Penalty Can Be Zero
Description
The rage-quit penalty can be set to zero, which will cause rage quit to always revert due to division by zero.
Permalinks
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/staking/InfinityStaker.sol#L364-L372
Mitigation
A zero-value validation check should be included in the penalty setter function.
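As an added illustration of the mitigations for the fee-cap, missing-event and zero-penalty findings above (example code written for this report, not the Infinity contracts; the contract name, the 1000 bps cap and the shape of the rage-quit division are assumptions):

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical contract showing bounded setters with events. Names and the
// 10% cap are assumptions, not values from the audited code base.
contract HardenedSettersExample {
    uint256 public constant BPS_DENOMINATOR = 10000;   // 10000 bps == 100%
    uint256 public constant MAX_PROTOCOL_FEE_BPS = 1000; // assumed cap: 10%

    uint256 public PROTOCOL_FEE_BPS;
    uint256 public rageQuitPenalty; // assumed to be used as a divisor
    address public owner;

    event ProtocolFeeBpsUpdated(uint256 oldBps, uint256 newBps);
    event RageQuitPenaltyUpdated(uint256 oldPenalty, uint256 newPenalty);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Fee cap: the fee can never reach 100%, so `amount - fee` below can
    // never revert under checked arithmetic (the DoS described above).
    function setProtocolFeeBps(uint256 newBps) external onlyOwner {
        require(newBps <= MAX_PROTOCOL_FEE_BPS, "fee exceeds maximum");
        emit ProtocolFeeBpsUpdated(PROTOCOL_FEE_BPS, newBps); // off-chain tracking
        PROTOCOL_FEE_BPS = newBps;
    }

    // Zero-value check: a zero penalty would make the division below revert.
    function setRageQuitPenalty(uint256 newPenalty) external onlyOwner {
        require(newPenalty > 0, "penalty must be non-zero");
        emit RageQuitPenaltyUpdated(rageQuitPenalty, newPenalty);
        rageQuitPenalty = newPenalty;
    }

    // Points of use: both computations are safe given the checks above.
    function sellerProceeds(uint256 amount) external view returns (uint256) {
        uint256 fee = (amount * PROTOCOL_FEE_BPS) / BPS_DENOMINATOR;
        return amount - fee; // fee <= 10% of amount, so no underflow
    }

    function rageQuitAmount(uint256 staked) external view returns (uint256) {
        return staked / rageQuitPenalty; // divisor is guaranteed non-zero
    }
}
```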