code-423n4 / 2022-12-tigris-findings


[NAZ-M7] Value Range Validity for Fee Setter #591

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/PairsContract.sol#L104

Vulnerability details

Impact

This function is used to update the fee multiplier per asset and doesn't have any checks to ensure that the variables being set are within some kind of value range.

Proof of Concept

If set poorly, accidentally or by a malicious owner, this could be set to a high value and steal funds from users.

Tools Used

Manual Review

Recommended Mitigation Steps

Each variable input parameter updated should have its own value range checks to ensure their validity; otherwise it could cause increased issues for users.
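A range-checked per-asset fee setter of the kind the report recommends, shown as an added example that is not part of the original report or the Tigris code base. The contract name, function names, the 1e10 scale and the 2.0x ceiling are all assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration; not the Tigris PairsContract. All names and bounds are hypothetical.
contract BoundedFeeSetter {
    // Assumed fixed-point scale: 1e10 represents a multiplier of 1.0x.
    uint256 public constant FEE_SCALE = 1e10;
    // Assumed policy ceiling: the owner can never push a multiplier above 2.0x.
    uint256 public constant MAX_FEE_MULTIPLIER = 2 * FEE_SCALE;

    address public immutable owner;
    mapping(uint256 => bool) public assetListed;
    mapping(uint256 => uint256) public feeMultiplier;

    error NotOwner();
    error UnknownAsset(uint256 asset);
    error FeeMultiplierOutOfRange(uint256 requested, uint256 maxAllowed);

    // Emitted on every change so off-chain monitoring can alert on fee updates.
    event FeeMultiplierUpdated(uint256 indexed asset, uint256 oldValue, uint256 newValue);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    function addAsset(uint256 asset) external onlyOwner {
        assetListed[asset] = true;
        feeMultiplier[asset] = FEE_SCALE; // start at 1.0x
    }

    function updateFeeMultiplier(uint256 asset, uint256 newValue) external onlyOwner {
        // Reject writes for assets that were never listed.
        if (!assetListed[asset]) revert UnknownAsset(asset);
        // The bound is a compile-time constant, so even the owner cannot exceed it.
        if (newValue > MAX_FEE_MULTIPLIER) {
            revert FeeMultiplierOutOfRange(newValue, MAX_FEE_MULTIPLIER);
        }
        uint256 oldValue = feeMultiplier[asset];
        feeMultiplier[asset] = newValue;
        emit FeeMultiplierUpdated(asset, oldValue, newValue);
    }
}
```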

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #514

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #377

c4-judge commented 1 year ago

GalloDaSballo marked the issue as satisfactory