Guardian can cause temporary DoS on withdrawals in the MainVault contract
Summary
A known issue about not validating the input when setting a value in basis points. When working with percentages the setter should not be allowed to set the fee bps to more than the maximum percentage 100% or 10_000 basis points.
Vulnerability Detail
The guardian can set the governanceFee to more than 10_000 which will cause transferFunds function to take fee greater than the withdrawn amount to send. The more major problem is that the transferFunds will even revert because of underflow exception when calculating the left amount to send to the recipient since govFee will be > _value:
gogo
medium
Guardian can cause temporary DoS on withdrawals in the MainVault contract
Summary
A known issue about not validating the input when setting a value in basis points. When working with percentages the setter should not be allowed to set the fee bps to more than the maximum percentage 100% or 10_000 basis points.
Vulnerability Detail
The guardian can set the governanceFee to more than 10_000 which will cause transferFunds function to take fee greater than the withdrawn amount to send. The more major problem is that the transferFunds will even revert because of underflow exception when calculating the left amount to send to the recipient since govFee will be > _value:
Impact
Temporary DoS on withdrawals in the MainVault.
Code Snippet
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/MainVault.sol#L457-L459
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/MainVault.sol#L185
https://github.com/sherlock-audit/2023-01-derby/blob/main/derby-yield-optimiser/contracts/MainVault.sol#L188
Tool used
Manual Review
Recommendation
Restrict the guardian from setting a value higher than the maximum basis points 10_000.