sherlock-audit / 2024-02-rubicon-finance-judging


soliditywala - Fees not set in initialize() #71

Closed sherlock-admin2 closed 7 months ago

sherlock-admin2 commented 7 months ago

soliditywala

medium

Fees not set in initialize()

Summary

The initialize() function in the RubiconFeeController contract does not set the baseFee for the new proxy, potentially causing incorrect fee calculation for the new proxy.

Vulnerability Detail

In the initialize() function of the RubiconFeeController contract, the baseFee is not set, leaving it at its default value of 10. Since this contract is intended to be used as an implementation for a proxy, the baseFee will be 0 for the proxy and will lead to incorrect fee calculation.

Impact

The impact of this issue is that newly created proxy instances will have a baseFee value of 0 instead of 10, leading to incorrect fee calculations and potentially to a loss for the protocol.

Code Snippet

    uint256 public baseFee = 10;

Tool used

Manual Review

Recommendation

Set baseFee in the initialize() function as shown below.

    function initialize(
        address _owner,
        address _feeRecipient,
        uint256 _baseFee
    ) external override {
        if (initialized) revert AlreadyInitialized();
        owner = _owner;
        feeRecipient = _feeRecipient;
        baseFee = _baseFee; // Set the desired baseFee for the new proxy

        initialized = true;
    }

sherlock-admin commented 7 months ago

2 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

Low. In addition, the admin can use setBaseFee() and set the fee.

0xAadi commented:

Invalid: Admin can reset the baseFee later using setBaseFee
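
The storage behaviour discussed in the report and in the judging comments, as an added example that is not code from the report or from the Rubicon repository: an inline initializer is written only to the implementation's storage, so a proxy reads 0 until a setter is called through it. `FeeControllerSketch`, `MinimalProxy`, `Demo` and the `setBaseFee(uint256)` signature are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical stand-in for a fee controller with the reported pattern:
// an inline initializer plus an initialize() that never writes baseFee.
contract FeeControllerSketch {
    uint256 public baseFee = 10; // executed in the constructor, so it lands in implementation storage only
    address public owner;
    bool public initialized;

    function initialize(address _owner) external {
        require(!initialized, "already initialized");
        owner = _owner;
        initialized = true;
    }

    // Assumed signature; the page only names setBaseFee().
    function setBaseFee(uint256 newFee) external {
        require(msg.sender == owner, "not owner");
        baseFee = newFee;
    }
}

// Minimal delegatecall proxy built for this demo (no upgrade logic, no storage of its own).
contract MinimalProxy {
    address private immutable impl;
    constructor(address _impl) { impl = _impl; }
    fallback() external {
        (bool ok, bytes memory ret) = impl.delegatecall(msg.data);
        if (!ok) { assembly { revert(add(ret, 32), mload(ret)) } }
        assembly { return(add(ret, 32), mload(ret)) }
    }
}

contract Demo {
    // Deploys implementation and proxy, then checks each storage context separately.
    function run() external {
        FeeControllerSketch impl = new FeeControllerSketch();
        FeeControllerSketch proxied = FeeControllerSketch(address(new MinimalProxy(address(impl))));
        proxied.initialize(address(this));

        require(impl.baseFee() == 10, "implementation keeps the inline default");
        require(proxied.baseFee() == 0, "proxy storage never received the default");

        proxied.setBaseFee(10); // owner call through the proxy writes proxy storage
        require(proxied.baseFee() == 10, "setter closes the gap after deployment");
    }
}
```

A deployment check along the lines of `Demo.run()` makes the window between `initialize()` and the first `setBaseFee` call visible in tests.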