Open sherlock-admin opened 7 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
we have acknowledge the issue
As the sponsor wrote in the other report, slippage protection can prevent a malicious increase in fees.
Escalate
Escalate
You've created a valid escalation!
To remove the escalation from consideration: Delete your comment.
You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.
There is slippage protection in the swap but it does not fully protect against a malicious increase.
The PoC in this issue can be added to the test suite in v1-pool/test/unit/pool/Swap.t.sol
to show this increase is possible. The default protocol fee is set to 80% and this test is setting it to 100% and performing the swap.
To test an extreme case that still passes you can decrease the default protocol fee to 5% (which is configured here and still have the fee increase.
@cvetanovv can you elaborate on your stance, also given the new context?
I agree with the escalation. This report and #98 should be Medium.
Planning to apply the suggestion. Any idea why is the escalation empty? I'm not sure if I should accept it or choose this one to be accepted for this single modification of the validity.
@Czar102 the escalation is empty because we are working on a team of 5 and he was the only team member that could raise it. My comment below his escalation is the context of the escalation
Result: Medium Has duplicates
@Robert-H-Leonard next time please just share the escalation contents with each other to put the recommendation in the escalation. This won't be accepted in the future.
Solidity_ATL_Team_2
medium
Napier pool owner can unfairly increase protocol fees on swaps to earn more revenue
Summary
Currently there is no limit to how often a
poolOwner
can update fees which can be abused to earn more fees by charging users higher swap fees than they expect.Vulnerability Detail
The
NapierPool::setFeeParameter
function allows thepoolOwner
to set theprotocolFeePercent
at any point to a maximum value of 100%. ThepoolOwner
is a trusted party but should not be able to abuse protocol settings to earn more revenue. There are no limits to how often this can be updated.Impact
A malicious
poolOwner
could change the protocol swap fees unfairly for users by front-running swaps and increasing fees to higher values on unsuspecting users. An example scenario is:poolOwner
sets swap fees to 1% to attract userspoolOwner
front runs all swaps and changes the swap fees to the maximum value of 100%poolOwner
resetsprotocolFeePercent
to a low value to attract more usersCode Snippet
https://github.com/sherlock-audit/2024-01-napier/blob/main/v1-pool/src/NapierPool.sol#L544-L556 https://github.com/sherlock-audit/2024-01-napier/blob/main/v1-pool/src/libs/PoolMath.sol#L313
Tool used
Manual Review and Foundry
Proof of concept
Recommendation
Introduce a delay in fee updates to ensure users receive the fees they expect.