sherlock-audit / 2024-05-kwenta-x-perennial-integration-update-judging


bareli - wrong implement of "_handleKeeperFee" #21

Closed sherlock-admin3 closed 5 months ago

sherlock-admin3 commented 5 months ago

bareli

medium

wrong implement of "_handleKeeperFee"

Summary

msg.data[0:0] will be an empty string

Vulnerability Detail

    _handleKeeperFee(
        KeepConfig(
            UFixed18Lib.ZERO,
            keepBufferBase,
            UFixed18Lib.ZERO,
            keepBufferCalldata
        ),
        0,
        msg.data[0:0], // @>> line flagged in this report
        0,
        abi.encode(account, market, order.fee)
    );

Impact

Code Snippet

https://github.com/sherlock-audit/2024-05-kwenta-x-perennial-integration-update/blob/main/perennial-v2/packages/perennial-extensions/contracts/MultiInvoker.sol#L381

Tool used

Manual Review

Recommendation

It should be some different length.

sherlock-admin3 commented 5 months ago

2 comment(s) were left on this issue during the judging contest.

z3s commented:

Invalid; it's not used in the Kept contract anyway.

FSchmoede commented:

Invalid. Looking at the definition of the method from equilibria-xyz it looks like a valid parameter.