In Controller.sol the setUniswapQuoter() and setCurvePoolFee() functions didn’t have any upper limit for setting the fee. Which allowed the owner to change the fee by any amount.
Vulnerability Detail
function setUniswapPoolFee(uint24 _poolFee) external onlyDao {
uniswapParams.poolFee = _poolFee;
}
function setCurvePoolFee(uint24 _poolFee) external onlyDao {
curve3PoolFee = _poolFee;
}
Impact
A malicious or hacked DAO may charge unrealistically high fees and thus harm users.
tsvetanovv
medium
No upper limit for fees
Summary
In Controller.sol the
setUniswapQuoter()
andsetCurvePoolFee()
functions didn’t have any upper limit for setting the fee. Which allowed the owner to change the fee by any amount.Vulnerability Detail
Impact
A malicious or hacked DAO may charge unrealistically high fees and thus harm users.
Code Snippet
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/Controller.sol#L193 https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/Controller.sol#L199
Tool used
Manual Review
Recommendation
Add some limit to the fees DAO owner can settle.
Duplicate of #16