Closed sherlock-admin2 closed 5 months ago
bareli
high
we are assigning the value of 1 to the flashMintFee in constructor.In the comment it is said that it should be 0.001% but it's not.
flashMintFee = 1; // 0.001%; function flashFee(address _usdo, uint256 amount) public view override returns (uint256) { if (_usdo != address(usdo)) revert NotValid(); @> return (amount * flashMintFee) / FLASH_MINT_FEE_PRECISION; }
function flashFee(address _usdo, uint256 amount) public view override returns (uint256) { if (_usdo != address(usdo)) revert NotValid(); @> return (amount * flashMintFee) / FLASH_MINT_FEE_PRECISION; } flashFee will be wrongly calculated.
https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/usdo/USDOFlashloanHelper.sol#L57
Manual Review
flashMintFee is 0.001% of FLASH_MINT_FEE_PRECISION it should be around 100.
Invalid. Precision is 1e5. 0.001% is 1 as the fee property.
10000 * 1 / 1e5 = 0.01 which is 0.001% of 10000
Invalid value is correctly assigned, 10000 represents 100%. so 1 represents 0.001 %
bareli
high
Wrong value of flashMintFee in USDOFlashloanHelper.sol
Summary
we are assigning the value of 1 to the flashMintFee in constructor.In the comment it is said that it should be 0.001% but it's not.
Vulnerability Detail
flashMintFee = 1; // 0.001%; function flashFee(address _usdo, uint256 amount) public view override returns (uint256) { if (_usdo != address(usdo)) revert NotValid(); @> return (amount * flashMintFee) / FLASH_MINT_FEE_PRECISION; }
Impact
function flashFee(address _usdo, uint256 amount) public view override returns (uint256) { if (_usdo != address(usdo)) revert NotValid(); @> return (amount * flashMintFee) / FLASH_MINT_FEE_PRECISION; } flashFee will be wrongly calculated.
Code Snippet
https://github.com/sherlock-audit/2024-02-tapioca/blob/main/Tapioca-bar/contracts/usdo/USDOFlashloanHelper.sol#L57
Tool used
Manual Review
Recommendation
flashMintFee is 0.001% of FLASH_MINT_FEE_PRECISION it should be around 100.