I think this is bad for users, as you need extra trust on an admin to not exploit this, and smart contracts should aim for as little external trust as possible.
Impact
User Risk: Users are exposed to the risk of high fees, which may not be reasonable or fair.
Trust Dependency: The smart contract relies on trusting the admin not to exploit the ability to set fees to extreme values.
Decreased Participation due to fear unpredictable and potentially unfair fee structures.
Implement a reasonable upper limit, e.g. 30%.
Consider using a timelock, so that users have time to react and adjust. In that way, users would know the fees they are agreeing with.
thisvishalsingh
medium
thisvishalsingh - Manipulation of
setFlashFeeinJalaFactory.solthisvishalsingh
Manipulation of
setFlashFeeinJalaFactory.solSummary
Admin can
setFlashFeeup to 100%. This is bad for users, fees should have a reasonable upper limit, e.g. 30% to prevent potential griefing.Vulnerability Detail
https://github.com/sherlock-audit/2024-02-jala-swap/blob/main/jalaswap-dex-contract/contracts/JalaFactory.sol#L81-L85
I think this is bad for users, as you need extra trust on an admin to not exploit this, and smart contracts should aim for as little external trust as possible.
Impact
Code Snippet
https://github.com/sherlock-audit/2024-02-jala-swap/blob/main/jalaswap-dex-contract/contracts/JalaFactory.sol#L81
Tool used
Manual Review
Recommendation
Implement a reasonable upper limit, e.g. 30%. Consider using a timelock, so that users have time to react and adjust. In that way, users would know the fees they are agreeing with.
Duplicate of #57