Open hats-bug-reporter[bot] opened 4 months ago
It would be an owner mistake to set both fees with incompatible values. I think OOS.
Thank you @PlamenTSV, however, I think it's valid as low.
As the fees set by the FeeManager are flexible in the background, we can't enforce a value in the setter function.
Github username: @erictee2802
Twitter username: 0xEricTee
Submission hash (on-chain): 0x281e417d0c9e6133741d79c90249a98445f4a2b0f43cc3d58dfb4b3482c7e506
Severity: low

Description:

In `BondingCurveBase_v1.sol::setBuyFee`:

In `BondingCurveBase_v1.sol::_setBuyFee`:

In `BondingCurveBase_v1.sol::_validateWorkflowFee`:

When setting a new `buyFee`, the contract checks that the value is less than or equal to the `BPS` (=10_000) value.

Now, take a look at the function `BondingCurveBase_v1.sol::_calculateNetAndSplitFees`:

The contract checks that `_protocolFee` + `_workflowFee` is less than or equal to `BPS`.

The `_calculateNetAndSplitFees` function is used in the following functions:

`BondingCurveBase_v1.sol::calculatePurchaseReturn`
`BondingCurveBase_v1.sol::_buyOrder`

Attack Scenario

If the `buyFee` is set to `BPS`, the function will always revert if `_protocolFee` > 0 in the `_calculateNetAndSplitFees` function, causing a denial of service situation.

Attachments

NA

Manual Analysis

Consider making the following changes

`BondingCurveBase_v1.sol::_validateWorkflowFee`:
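
Added example, not part of the report, its recommended change, or the project's code: a Python model of the two checks discussed in this thread. It shows that a buy fee accepted by the setter-side check can still make the fee split revert, and that the usable ceiling moves whenever the protocol fee changes. The class and function names and the split arithmetic are assumptions.

```python
BPS = 10_000  # basis-point denominator named in the report


class FeeConfigError(Exception):
    """Stands in for a Solidity revert in this model."""


class BondingCurveFeeModel:
    """Constructed model: only the two checks the report describes."""

    def __init__(self, protocol_fee_bps):
        # Set outside the workflow (by the FeeManager, per the discussion).
        self.protocol_fee_bps = protocol_fee_bps
        self.buy_fee_bps = 0

    def set_buy_fee(self, fee_bps):
        # Setter-side validation: compares the workflow fee with BPS alone.
        if fee_bps > BPS:
            raise FeeConfigError("workflow fee above BPS")
        self.buy_fee_bps = fee_bps

    def split_fees(self, amount):
        # Calculation-side validation: compares the sum of both fees with BPS.
        if self.protocol_fee_bps + self.buy_fee_bps > BPS:
            raise FeeConfigError("combined fees above BPS")
        # Assumed split arithmetic (the real computation is not on the page).
        protocol_cut = amount * self.protocol_fee_bps // BPS
        workflow_cut = amount * self.buy_fee_bps // BPS
        return amount - protocol_cut - workflow_cut, protocol_cut, workflow_cut


def buy_would_revert(model):
    """Configuration check an owner or monitor could run after any fee change."""
    try:
        model.split_fees(1)
        return False
    except FeeConfigError:
        return True


def headroom_bps(model):
    """Largest buy fee that still passes the calculation-side check."""
    return BPS - model.protocol_fee_bps
```
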