Fee in Cally.setFee() should be upper-bounded #314

HardlyDifficult · 2022-05-24T23:18:54Z

From BowTiedWardens in #190

[L-02] Fee in Cally.setFee() should be upper-bounded
A malicious owner or owner account compromise can set the fee very high, up to 100%, siphoning all profits from the protocol.

Consider implementing a reasonable upper limit here:

File: Cally.sol
119: function setFee(uint256 feeRate_) external onlyOwner {
120: feeRate = feeRate_;
121: }

HardlyDifficult · 2022-05-24T23:19:06Z

Dupe of #48

JeeberC4 · 2022-06-06T18:11:33Z

Issue recreated with script that includes all required data.

HardlyDifficult added bug Something isn't working duplicate This issue or pull request already exists 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels May 24, 2022

HardlyDifficult closed this as completed May 24, 2022

HardlyDifficult mentioned this issue May 24, 2022

QA Report #190

Open

JeeberC4 added invalid This doesn't seem right and removed bug Something isn't working duplicate This issue or pull request already exists 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Jun 6, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fee in Cally.setFee() should be upper-bounded #314

Fee in Cally.setFee() should be upper-bounded #314

HardlyDifficult commented May 24, 2022

HardlyDifficult commented May 24, 2022

JeeberC4 commented Jun 6, 2022

Fee in Cally.setFee() should be upper-bounded #314

Fee in Cally.setFee() should be upper-bounded #314

Comments

HardlyDifficult commented May 24, 2022

HardlyDifficult commented May 24, 2022

JeeberC4 commented Jun 6, 2022