code-423n4 / 2022-12-tigris-findings

setFees should update fees only for new orders #612

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L943-L969

Vulnerability details

Impact

Users have to put a lot of trust in the owner, which should not be the case in a web3 application.

They might not want to use the platform knowing about such a risk.

Proof of Concept

In Trading.sol#L943-L969 the owner may at any time update the close fees for already open positions to values unacceptable for the traders, essentially stealing their funds.

Tools Used

Visual Studio Code

Recommended Mitigation Steps

Consider refactoring the code, so that the platform users know all the fees before placing a position, and setFees affects only new orders.
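
The mitigation recommended above, sketched as an added example that is not part of the original report and is not code from Trading.sol: the close fee is copied into each position when it is opened, so a later setFees call changes only positions opened afterwards. The contract name, struct layout, `DIVISOR` value and the omitted token transfer are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Illustrative sketch only. Every name and constant here is hypothetical
// and does not reproduce the layout of the audited Trading.sol.
contract FeeSnapshotExample {
    uint256 public constant DIVISOR = 1e10; // assumed fee precision

    address public immutable owner;
    uint256 public closeFee; // applies to positions opened from now on

    struct Position {
        address trader;
        uint256 size;
        uint256 closeFeeAtOpen; // the fee the trader saw when opening
    }

    mapping(uint256 => Position) public positions;
    uint256 public nextId;

    event FeesUpdated(uint256 newCloseFee);

    constructor(uint256 initialCloseFee) {
        owner = msg.sender;
        closeFee = initialCloseFee;
    }

    // Changes the fee for future positions only; open positions keep
    // the value stored in closeFeeAtOpen.
    function setFees(uint256 newCloseFee) external {
        require(msg.sender == owner, "not owner");
        closeFee = newCloseFee;
        emit FeesUpdated(newCloseFee);
    }

    function open(uint256 size) external returns (uint256 id) {
        id = nextId++;
        positions[id] = Position(msg.sender, size, closeFee);
    }

    // Charges the snapshotted fee, never the current closeFee.
    function close(uint256 id) external returns (uint256 payout) {
        Position memory p = positions[id];
        require(p.trader == msg.sender, "not position owner");
        delete positions[id];
        uint256 fee = (p.size * p.closeFeeAtOpen) / DIVISOR;
        payout = p.size - fee; // token transfer omitted in this sketch
    }
}
```

A unit test for this pattern would open a position, call `setFees` with a higher value, close the position, and assert that the payout reflects the fee in force at open time.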

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #514

c4-judge commented 1 year ago

GalloDaSballo marked the issue as duplicate of #377

c4-judge commented 1 year ago

GalloDaSballo marked the issue as satisfactory