Open hats-bug-reporter[bot] opened 5 months ago
The factory owner can set the governanceFee on the destination vaults if someone misuses this. It is also fine if people do this, since the intention behind the governance fee is for a small number of vaults to have it rather than a large one. That is why the governance fee is stored inside each vault rather than be shared.
Github username: --
Twitter username: --
Submission hash (on-chain): 0x9392cc65642fa3e49ff9c6b94b5b9cb7b8a6731d70b948bc27f964cfc43b4052
Severity: medium
Description:
On CatalystFactory deployment, the _defaultGovernanceFee remains 0; a separate setDefaultGovernanceFee function is used to set the governance fee. The value of _defaultGovernanceFee is passed to the vault during its creation.
Notorious vault deployers can misuse this mechanism to create vaults with 0 fee by frontrunning the setDefaultGovernanceFee call and deploying the vaults before the default governance fee gets initialized. These vaults can now be freely used by parties without paying any governance fee.
I am aware that the factory owner can set the fee for those vaults later. But as per the comments here it can be seen that the factory owner will be a governance/timelock contract. So setting the fee for those new vaults will become a time-delayed operation. The longer the delay in setting the fee for vaults, the greater the protocol fee loss for Catalyst protocol owners.
Attack Scenario
Attachments
Proof of Concept (PoC) File NA
Revised Code File (Optional)
Consider setting the default fee value in Factory's constructor.
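
The recommendation above, sketched as an added example that is not part of the original submission and is not Catalyst's code: the default fee is written in the constructor, so there is never a block in which a deployed factory holds an unset fee. `ExampleFactory`, `ExampleVault`, the `uint64` fee type, the owner check and both events are assumptions made for illustration; only `_defaultGovernanceFee` and `setDefaultGovernanceFee` are names taken from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical minimal vault: it keeps its own copy of the governance fee,
// matching the report's statement that the fee is passed in at creation.
contract ExampleVault {
    address public immutable factory;
    uint64 public governanceFee;

    constructor(uint64 fee) {
        factory = msg.sender;
        governanceFee = fee;
    }
}

// Hypothetical factory with the fix applied.
contract ExampleFactory {
    address public immutable owner; // assumed to be a governance/timelock contract
    uint64 public _defaultGovernanceFee;

    event SetDefaultGovernanceFee(uint64 fee);
    event VaultDeployed(address indexed vault, uint64 governanceFee);

    // The fee is initialized atomically with deployment. With a separate
    // post-deployment setter as the only initializer, any vault created
    // before that call would snapshot the zero default.
    constructor(address owner_, uint64 initialFee) {
        require(owner_ != address(0), "owner is zero");
        owner = owner_;
        _defaultGovernanceFee = initialFee;
        emit SetDefaultGovernanceFee(initialFee);
    }

    // Later changes still go through the owner; they only affect vaults
    // deployed after the change.
    function setDefaultGovernanceFee(uint64 fee) external {
        require(msg.sender == owner, "not owner");
        _defaultGovernanceFee = fee;
        emit SetDefaultGovernanceFee(fee);
    }

    // Each vault receives the default in force at creation time. The event
    // records that value so off-chain monitoring can list vaults whose fee
    // differs from the intended one.
    function deployVault() external returns (address vault) {
        uint64 fee = _defaultGovernanceFee;
        vault = address(new ExampleVault(fee));
        emit VaultDeployed(vault, fee);
    }
}
```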