Upgraded Q -> M from 98 [1654475216526] #342
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate
This issue or pull request already exists
upgraded by judge
Comments
code423n4
added
2 (Med Risk)
code423n4
added a commit
that referenced
this issue
Jun 6, 2022
|
Dupe of #48 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Judge has assessed an item in Issue #98 as Medium risk. The relevant finding follows:
Set Limits on setFee()
A Malicious owner could set feeRate to = (100 * 1e18) / 100; which would give the entire value of an exercise() transaction to the protocol, create a limit on the fees the owner can set.
https://github.com/code-423n4/2022-05-cally/blob/1849f9ee12434038aa80753266ce6a2f2b082c59/contracts/src/Cally.sol#L119-L121
The text was updated successfully, but these errors were encountered: