HickupHH3
commented
2 years ago (L1) fee can change for ongoing orders The owner can call setFee(uint256 _fee) and change the fee amount. This changes the fee taken for all orders already filled/exercised.
In some situations, an user may not have filled an order if they knew the fee would end up higher. This situation is alleviated by the fact that the fee is capped at 3%.
Recommendations The fee can be written in the Order struct and checked that it matches the current correct value during fillOrder. This way when exercising/withdrawing we can use the "order.fee" irrespective to the current global variable.
Judge has assessed an item in Issue #417 as Medium risk. The relevant finding follows: