Closed sherlock-admin2 closed 7 months ago
2 comment(s) were left on this issue during the judging contest.
tsvetanovv commented:
Low. In addition the admin can use
setBaseFee()
and set the fee
0xAadi commented:
Invalid: Admin can reset the baseFee later using setBaseFee
soliditywala
medium
Fees not set in initialize()
Summary
The initialize() function in the RubiconFeeController contract does not set the baseFee for the new proxy, potentially causing incorrect fee calculation for the new proxy.
Vulnerability Detail
In the initialize() function of the RubiconFeeController contract, the baseFee is not set, leaving it at its default value of 10. Since this contract is intended to be used as an implementation for a proxy, the baseFee will be 0 for the proxy and will lead to incorrect fees calculation.
Impact
The impact of this issue is that newly created proxy instances will have a baseFee value of 0 instead of the 10, leading to incorrect fee calculations potentially leading to loss to protocol.
Code Snippet
Tool used
Manual Review
Recommendation
Set baseFee in initialize() function like below.