since feeData is user supplied an attacker can make brokerFee=0 and pay no fees
Summary
since feeData is user supplied an attacker can make brokerFee=0 and pay no fees
Vulnerability Detail
since feeData is user supplied an attacker can make brokerFee=0 and pay no fees
since there is no input validation on brokerFeeRate it can equal 0 and then the attacker doesn't have to pay fees.which then when making a swap will be with no fees.
and
simon135
high
since
feeData
is user supplied an attacker can makebrokerFee=0
and pay no feesSummary
since
feeData
is user supplied an attacker can makebrokerFee=0
and pay no feesVulnerability Detail
since
feeData
is user supplied an attacker can makebrokerFee=0
and pay no fees since there is no input validation onbrokerFeeRate
it can equal 0 and then the attacker doesn't have to pay fees.which then when making a swap will be with no fees. andImpact
The attacker doesn't have to pay fees
Code Snippet
https://github.com/sherlock-audit/2022-11-dodo/blob/main/contracts/SmartRoute/DODORouteProxy.sol#L468
Tool used
Manual Review
Recommendation