Closed sherlock-admin closed 2 years ago
Dravee
medium
Illogical state: Fees are unbounded
The admin can set topupFee and exchangeFee to be greater than 100% (they are unbounded uint256 values) and cause trouble in future calls
topupFee
exchangeFee
uint256
Potential DOS or rug.
https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/HardenedTopupProxy.sol#L199-L202
https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/HardenedTopupProxy.sol#L204-L207
Manual Review
Consider setting an upper bound for fees
Duplicate of #123
Dravee
medium
Fees are unbounded
Summary
Illogical state: Fees are unbounded
Vulnerability Detail
The admin can set
topupFeeandexchangeFeeto be greater than 100% (they are unboundeduint256values) and cause trouble in future callsImpact
Potential DOS or rug.
Code Snippet
https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/HardenedTopupProxy.sol#L199-L202
https://github.com/sherlock-audit/2022-10-mover/blob/main/cardtopup_contract/contracts/HardenedTopupProxy.sol#L204-L207
Tool used
Manual Review
Recommendation
Consider setting an upper bound for fees
Duplicate of #123