search

sherlock-audit / 2024-05-kwenta-x-perennial-integration-update-judging

5 stars 3 forks source link

kgothatso - Keeper Fees can not be raised or changed #33

Closed sherlock-admin3 closed 5 months ago

sherlock-admin3 commented 5 months ago

kgothatso

medium

Keeper Fees can not be raised or changed

Summary

Keeper Fees can not be raised or changed

Vulnerability Detail

The _raiseKeeperFee is an internal function and is not being called anywhere to update the Keeper Fees

Impact

The keeper Fees can not be raised or changed. This can lead to losing a Keeper because of low Keeper Fees. Costs more gas if not used.

Code Snippet

     function _raiseKeeperFee(UFixed18 keeperFee, bytes memory data) internal virtual override returns (UFixed18) {
        (address account, IMarket market, UFixed6 fee) = abi.decode(data, (address, IMarket, UFixed6));
        UFixed6 raisedKeeperFee = UFixed6Lib.from(keeperFee, true).min(fee);
        _marketWithdraw(market, account, raisedKeeperFee);

        return UFixed18Lib.from(raisedKeeperFee);
    }

https://github.com/sherlock-audit/2024-05-kwenta-x-perennial-integration-update/blob/main/perennial-v2/packages/perennial-extensions/contracts/MultiInvoker.sol#L414C4-L421C1

Tool used

Manual Review

Recommendation

make the _raiseKeeperFee external or public and add an onlyOwner modifier to the function

or remove the function

sherlock-admin4 commented 5 months ago

2 comment(s) were left on this issue during the judging contest.

z3s commented:

Invalid; It can be used by contracts that inherit from 'MultiInvoker'

FSchmoede commented:

The contract is inherited by other contracts hence not correct.