Open c4-bot-2 opened 9 months ago
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as duplicate of #88
alcueca changed the severity to QA (Quality Assurance)
alcueca marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2024-01-curves/blob/516aedb7b9a8d341d0d2666c23780d2bd8a9a600/contracts/Curves.sol#L117-L126
Vulnerability details
Impact
The contract implements a sensitive fee structure, allowing different fees to be distributed.
These fees are subject to change by the contract manager at any time, without limitations.
The manager can set an arbitrarily high fee; there is no restriction in setMaxFeePercent.
There should be checks that only allow fees up to a specific value, like 5%.
Proof of Concept
This can potentially result in a loss of funds or denial of service.
Tools Used
Manual Analysis
Recommended Mitigation Steps
Consider capping all fees under a reasonable percentage.
Assessed type
Other
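The mitigation the report recommends, shown as an added illustration rather than the Curves project's own code: a compile-time ceiling that the manager-only setMaxFeePercent cannot exceed, with the individual fee setters bounded by that maximum. The contract name, the 1e18 percentage scale, the 5% ceiling and the two fee fields are assumptions chosen for the example.

```solidity
pragma solidity ^0.8.20;

// Added example (not Curves.sol). Assumes fees are scaled so that 1e18 == 100%.
contract CappedFees {
    uint256 public constant ONE_HUNDRED_PERCENT = 1e18;
    // Absolute ceiling the manager can never raise maxFeePercent above (5%).
    uint256 public constant FEE_CEILING = 5e16;

    address public manager;
    uint256 public maxFeePercent;      // upper bound for the sum of all fees
    uint256 public protocolFeePercent;
    uint256 public subjectFeePercent;

    error Unauthorized();
    error FeeExceedsCeiling(uint256 requested, uint256 ceiling);
    error FeesExceedMax(uint256 total, uint256 maxFee);

    modifier onlyManager() {
        if (msg.sender != manager) revert Unauthorized();
        _;
    }

    constructor() { manager = msg.sender; }

    // Hardened setter: the manager may tighten or loosen the maximum fee,
    // but never beyond FEE_CEILING, and never below the fees already set.
    function setMaxFeePercent(uint256 maxFee_) external onlyManager {
        if (maxFee_ > FEE_CEILING) revert FeeExceedsCeiling(maxFee_, FEE_CEILING);
        uint256 current = protocolFeePercent + subjectFeePercent;
        if (current > maxFee_) revert FeesExceedMax(current, maxFee_);
        maxFeePercent = maxFee_;
    }

    // Individual fees are checked against the (already bounded) maxFeePercent,
    // so their sum can never exceed FEE_CEILING either.
    function setFees(uint256 protocolFee_, uint256 subjectFee_) external onlyManager {
        uint256 total = protocolFee_ + subjectFee_;
        if (total > maxFeePercent) revert FeesExceedMax(total, maxFeePercent);
        protocolFeePercent = protocolFee_;
        subjectFeePercent = subjectFee_;
    }

    // Fee charged on a trade of `price` wei. With the ceiling in place this is
    // at most 5% of price, so a mistaken or malicious manager cannot set a fee
    // that consumes the whole payment (the loss-of-funds impact described above).
    function feeFor(uint256 price) external view returns (uint256) {
        return (price * (protocolFeePercent + subjectFeePercent)) / ONE_HUNDRED_PERCENT;
    }
}
```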