code-423n4 / 2022-10-traderjoe-findings


Upgraded Q -> M from #381 [1668467789168] #510

Closed c4-judge closed 1 year ago

c4-judge commented 1 year ago

Judge has assessed an item in Issue #381 as M risk. The relevant finding follows:

There is no limit for FlashLoanFee

    function setFlashLoanFee(uint256 _flashLoanFee) external override onlyOwner {
        uint256 _oldFlashLoanFee = flashLoanFee;

        if (_oldFlashLoanFee == _flashLoanFee) revert LBFactory__SameFlashLoanFee(_flashLoanFee);

        flashLoanFee = _flashLoanFee;
        emit FlashLoanFeeSet(_oldFlashLoanFee, _flashLoanFee);
    }

https://github.com/code-423n4/2022-10-traderjoe/blob/79f25d48b907f9d0379dd803fc2abc9c5f57db93/src/LBFactory.sol#L479

There is no limit for FlashLoanFee, so the owner of LBFactory could set FlashLoanFee extremely high.

Check that flashLoanFee is lower than MAX_FEE in setFlashLoanFee and in the constructor of LBFactory.
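The mitigation recommended in the finding above, as an added example that is not part of the thread or of the project's LBFactory: a minimal stand-alone contract that bounds the fee in both the constructor and the setter. The contract name, the error names, `PRECISION`, the value of `MAX_FEE` and `flashLoanFeeFor` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

/// Illustrative sketch only, not the project's code.
contract BoundedFlashLoanFeeFactory {
    // Assumed for this sketch: fees are fractions of 1e18 and the cap is 10%.
    uint256 public constant PRECISION = 1e18;
    uint256 public constant MAX_FEE = 1e17;

    address public immutable owner;
    uint256 public flashLoanFee;

    event FlashLoanFeeSet(uint256 oldFlashLoanFee, uint256 newFlashLoanFee);

    error NotOwner();
    error SameFlashLoanFee(uint256 flashLoanFee);
    error FlashLoanFeeAboveMax(uint256 flashLoanFee, uint256 maxFee);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(uint256 _flashLoanFee) {
        owner = msg.sender;
        _checkFee(_flashLoanFee); // the deployment path is bounded as well
        flashLoanFee = _flashLoanFee;
        emit FlashLoanFeeSet(0, _flashLoanFee);
    }

    function setFlashLoanFee(uint256 _flashLoanFee) external onlyOwner {
        uint256 _oldFlashLoanFee = flashLoanFee;
        if (_oldFlashLoanFee == _flashLoanFee) revert SameFlashLoanFee(_flashLoanFee);
        _checkFee(_flashLoanFee); // reject before any state change

        flashLoanFee = _flashLoanFee;
        emit FlashLoanFeeSet(_oldFlashLoanFee, _flashLoanFee);
    }

    /// Fee on a loan of `amount`; with the cap it never exceeds amount * MAX_FEE / PRECISION.
    function flashLoanFeeFor(uint256 amount) external view returns (uint256) {
        return (amount * flashLoanFee) / PRECISION;
    }

    // Accepts a fee equal to MAX_FEE; use `>=` if the bound must be strict.
    function _checkFee(uint256 _fee) private pure {
        if (_fee > MAX_FEE) revert FlashLoanFeeAboveMax(_fee, MAX_FEE);
    }
}
```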

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #139

Simon-Busch commented 1 year ago

Marked this issue as Satisfactory as requested by @GalloDaSballo