code-423n4 / 2023-01-rabbithole-findings

Upgraded Q -> 2 from #282 [1675574465157] #687

Closed c4-judge closed 1 year ago

c4-judge commented 1 year ago

Judge has assessed an item in Issue #282 as 2 risk. The relevant finding follows:

[L-01] Missing sanity check for royalty fee.

https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleTickets.sol#L66-L69
https://github.com/rabbitholegg/quest-protocol/blob/8c4c1f71221570b14a0479c216583342bd652d8d/contracts/RabbitHoleReceipt.sol#L90-L93

According to the function royaltyInfo, the royalty fee is measured in BPS. However, there is no sanity check for the amount of the fee, meaning the owner can set it arbitrarily high. This is recognized as an issue given that there is such a check on QuestFactory.
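The pattern the finding describes, shown as an added illustration rather than the quest-protocol code: an unchecked BPS setter next to a bounded one. The contract, function and variable names (`RoyaltyUnchecked`, `RoyaltyChecked`, `setRoyaltyFee`, `royaltyFee`, `royaltyRecipient`, `MAX_ROYALTY_BPS`) are assumptions; only the `royaltyInfo` name, its EIP-2981 signature and the BPS denomination come from the finding and the standard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative contracts written for this note; not the project's own code.
// Names other than royaltyInfo are assumptions.

/// Royalty setter with no bound on the BPS value (the situation in the finding).
contract RoyaltyUnchecked {
    address public owner;
    address public royaltyRecipient;
    uint256 public royaltyFee; // in BPS: 10_000 == 100%

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address recipient) {
        owner = msg.sender;
        royaltyRecipient = recipient;
    }

    // No sanity check: 15_000 (150%) or 1_000_000 are accepted as-is.
    function setRoyaltyFee(uint256 royaltyFee_) external onlyOwner {
        royaltyFee = royaltyFee_;
    }

    // EIP-2981 royaltyInfo(tokenId, salePrice) -> (receiver, royaltyAmount).
    // With royaltyFee > 10_000 the royalty exceeds the sale price itself.
    function royaltyInfo(uint256, uint256 salePrice)
        external
        view
        returns (address receiver, uint256 royaltyAmount)
    {
        return (royaltyRecipient, (salePrice * royaltyFee) / 10_000);
    }
}

/// Same contract with the missing sanity check and an event for off-chain monitoring.
contract RoyaltyChecked {
    address public owner;
    address public royaltyRecipient;
    uint256 public royaltyFee; // in BPS: 10_000 == 100%

    // Hard ceiling in BPS. 10_000 is the mathematical maximum; a protocol
    // would normally pick a much tighter cap (e.g. 1_000 == 10%).
    uint256 public constant MAX_ROYALTY_BPS = 10_000;

    event RoyaltyFeeSet(uint256 previousFee, uint256 newFee);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address recipient) {
        owner = msg.sender;
        royaltyRecipient = recipient;
    }

    // Sanity check: reject any fee above the cap before storing it.
    function setRoyaltyFee(uint256 royaltyFee_) external onlyOwner {
        require(royaltyFee_ <= MAX_ROYALTY_BPS, "royalty fee exceeds MAX_ROYALTY_BPS");
        uint256 previous = royaltyFee;
        royaltyFee = royaltyFee_;
        emit RoyaltyFeeSet(previous, royaltyFee_);
    }

    function royaltyInfo(uint256, uint256 salePrice)
        external
        view
        returns (address receiver, uint256 royaltyAmount)
    {
        // Invariant guaranteed by the setter: royaltyAmount <= salePrice.
        return (royaltyRecipient, (salePrice * royaltyFee) / 10_000);
    }
}
```

With `royaltyFee` set to 15_000, `RoyaltyUnchecked.royaltyInfo(0, 1 ether)` reports a 1.5 ether royalty on a 1 ether sale; the same call on `RoyaltyChecked` is unreachable because `setRoyaltyFee(15_000)` reverts. The event gives monitoring a cheap signal for any fee change, which is the other half of the control when the setter is owner-gated rather than immutable.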

c4-judge commented 1 year ago

kirk-baird marked the issue as duplicate of #108

c4-judge commented 1 year ago

kirk-baird marked the issue as partial-50

c4-judge commented 1 year ago

This auto-generated issue was withdrawn by kirk-baird