The Fee Setter can change the flashFee via the JalaFactory.sol :: setFlashFee to any value since there is no upperbound stated. This can lead to unexpected results and will lead to users being affected.
For example in the current state the Fee Setter may change the flashFee to a ridiculous number ( > 90% ), that will result in the FlashSwap functionality in the swap function charging ridiculously high fees to users, that will either cause the FlashSwap to fail in the first place or if it goes through the user will pay a ridiculous amount in fees.
Impact
For example in the current state the Fee Setter may change the flashFee to a ridiculous number ( > 90% ), that will result in the FlashSwap functionality in the swap function charging ridiculously high fees to users, that will either cause the FlashSwap to fail in the first place or if it goes through the user will pay a ridiculous amount in fees.
Specify the Fee Setter's privileges and responsibilities in the documentation.
Add constant state variables that can be used as the minimum and maximum values for the flashFee.
Spearmint
medium
Centralization risk
Summary
The protocol has a Fee Setter with privileged rights to change the fee with no upperbound.
Validation is missing for admin fee setter functions.
Vulnerability Detail
The
setFlashFeefunction in theJalaFactory.solcontract has no validation checks after theflashFeeis changed.The Fee Setter can change the
flashFeevia theJalaFactory.sol :: setFlashFeeto any value since there is no upperbound stated. This can lead to unexpected results and will lead to users being affected.For example in the current state the Fee Setter may change the flashFee to a ridiculous number ( > 90% ), that will result in the FlashSwap functionality in the swap function charging ridiculously high fees to users, that will either cause the FlashSwap to fail in the first place or if it goes through the user will pay a ridiculous amount in fees.
Impact
For example in the current state the Fee Setter may change the flashFee to a ridiculous number ( > 90% ), that will result in the FlashSwap functionality in the swap function charging ridiculously high fees to users, that will either cause the FlashSwap to fail in the first place or if it goes through the user will pay a ridiculous amount in fees.
Code Snippet
https://github.com/sherlock-audit/2024-02-jala-swap/blob/030d3ed54214754301154bce0e58ea534100a7e3/jalaswap-dex-contract/contracts/JalaFactory.sol#L81-L84
Tool used
Manual Review
Recommendation
Specify the Fee Setter's privileges and responsibilities in the documentation. Add constant state variables that can be used as the minimum and maximum values for the flashFee.
Duplicate of #57