code-423n4 / 2022-06-infinity-findings


`InfinityExchange` owner can grief with high fees #339

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L1266-L1269
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L725
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L775
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L819
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L873
https://github.com/code-423n4/2022-06-infinity/blob/765376fa238bbccd8b1e2e12897c91098c7e5ac6/contracts/core/InfinityExchange.sol#L1135

Vulnerability details

Impact

The owner of the InfinityExchange contract can set any high fee values for PROTOCOL_FEE_BPS via the InfinityExchange.setProtocolFee function.

The fee value should be limited to a maximum of 10000. If it is set to higher values, then, due to its usage across functions, it will DoS the protocol.

Proof of Concept

InfinityExchange.sol#L1266-L1269

function setProtocolFee(uint16 _protocolFeeBps) external onlyOwner {
    PROTOCOL_FEE_BPS = _protocolFeeBps; // @audit-info validate fee bps to be within reasonable limits and `< 10000` to prevent DoS
    emit NewProtocolFee(_protocolFeeBps);
}

PROTOCOL_FEE_BPS is used in the following places:

L725 - uint256 protocolFee = (protocolFeeBps * execPrice) / 10000;
L775 - uint256 protocolFee = (protocolFeeBps * execPrice) / 10000;
L819 - uint256 protocolFee = (protocolFeeBps * execPrice) / 10000;
L873 - uint256 protocolFee = (protocolFeeBps * execPrice) / 10000;
L1135 - uint256 protocolFee = (PROTOCOL_FEE_BPS * amount) / 10000;

Tools Used

Manual review

Recommended mitigation steps

Consider adding a reasonable upper bound for PROTOCOL_FEE_BPS.
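The bounded setter the finding recommends, as an added example that is not InfinityExchange code or the warden's own: the unbounded setter sits beside a version that rejects values above an assumed cap (`MAX_PROTOCOL_FEE_BPS`, chosen here as 10%), and `split` shows, under an assumption about how the fee is consumed (`execPrice - protocolFee` with Solidity 0.8 checked arithmetic), why a fee above 10000 bps reverts every settlement.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the InfinityExchange contract: a minimal fee-bps setter with the
// upper bound the finding recommends, next to the unbounded version it replaces.
contract FeeBpsExample {
    uint16 public constant MAX_BPS = 10000;             // 100% expressed in basis points
    uint16 public constant MAX_PROTOCOL_FEE_BPS = 1000; // assumed cap for this example: 10%
    uint16 public PROTOCOL_FEE_BPS;
    address public owner;

    event NewProtocolFee(uint16 protocolFeeBps);
    error FeeTooHigh(uint16 requested, uint16 max);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Unbounded setter, in the shape the finding quotes: any uint16 is accepted,
    // up to 65535 bps (655% of the price).
    function setProtocolFeeUnbounded(uint16 _protocolFeeBps) external onlyOwner {
        PROTOCOL_FEE_BPS = _protocolFeeBps;
        emit NewProtocolFee(_protocolFeeBps);
    }

    // Bounded setter: the owner can still tune the fee, but never above the cap,
    // so protocolFee can never exceed execPrice in the settlement math below.
    function setProtocolFee(uint16 _protocolFeeBps) external onlyOwner {
        if (_protocolFeeBps > MAX_PROTOCOL_FEE_BPS) {
            revert FeeTooHigh(_protocolFeeBps, MAX_PROTOCOL_FEE_BPS);
        }
        PROTOCOL_FEE_BPS = _protocolFeeBps;
        emit NewProtocolFee(_protocolFeeBps);
    }

    // Fee computation in the shape the finding quotes, plus an assumed consumer of it.
    // With a fee above 10000 bps, protocolFee > execPrice and the checked subtraction
    // reverts, so every trade settling through this path fails (the DoS).
    function split(uint256 execPrice) external view returns (uint256 protocolFee, uint256 toSeller) {
        protocolFee = (uint256(PROTOCOL_FEE_BPS) * execPrice) / MAX_BPS;
        toSeller = execPrice - protocolFee; // reverts on underflow when fee > price
    }
}
```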

nneverlander commented 2 years ago

Duplicate

HardlyDifficult commented 2 years ago

Dupe https://github.com/code-423n4/2022-06-infinity-findings/issues/259