c4-pre-sort
commented
10 months ago raymondfam marked the issue as insufficient quality report
Open c4-bot-4 opened 10 months ago
c4-pre-sort
commented
10 months ago raymondfam marked the issue as insufficient quality report
c4-pre-sort
commented
10 months ago raymondfam marked the issue as duplicate of #28
c4-judge
commented
9 months ago alcueca changed the severity to QA (Quality Assurance)
c4-judge
commented
9 months ago alcueca marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2024-01-curves/blob/516aedb7b9a8d341d0d2666c23780d2bd8a9a600/contracts/Curves.sol#L246
Vulnerability details
Impact
When
feesEconomics.holdersFeePercent > 0 && address(feeRedistributor) == address(0)the holder fee is paid by the buyer (or deducted from the sale) but is lost in the contract.Proof of Concept
_transferFees()always allocates aholderFee. Ifaddress(feeRedistributor) == address(0)the handling of this fee is skipped, and simply left in the contract, since it is either paid by the buyer or deducted from the amount sent to the seller.Recommended Mitigation Steps
Deal with this similarly to the referral fee.
Assessed type
Other