20,000 USDC
Submission Details
Severity: high

No fees given to the protocol

Summary

No fees will be given to the protocol if the lenderFee or the borrowerFee is set to zero.

Vulnerability Details

The owner-only setLenderFee and setBorrowerFee functions check only an upper bound, so the owner can set the lenderFee or the borrowerFee to zero.

Instances:

https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L84C1-L88C1

function setLenderFee(uint256 _fee) external onlyOwner {
    if (_fee > 5000) revert FeeTooHigh();
    lenderFee = _fee;
}

https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L92C1-L96C1

function setBorrowerFee(uint256 _fee) external onlyOwner {
    if (_fee > 500) revert FeeTooHigh();
    borrowerFee = _fee;
}

Impact

With either fee set to zero, the protocol earns none of the corresponding fee.

Tools Used

Manual Review and VS Code

Recommendations

Add a lower-bound check that reverts with a custom error to each of the above-mentioned functions:

For the setLenderFee function use this:

function setLenderFee(uint256 _fee) external onlyOwner {
    // Existing upper bound
    if (_fee > 5000) revert FeeTooHigh();
    // New lower bound: reject fees below the protocol-defined minimum
    if (_fee < MIN_LENDER_FEE) revert LenderFeeTooSmall();
    lenderFee = _fee;
}

And for the setBorrowerFee function use this:

function setBorrowerFee(uint256 _fee) external onlyOwner {
    // Existing upper bound
    if (_fee > 500) revert FeeTooHigh();
    // New lower bound: reject fees below the protocol-defined minimum
    if (_fee < MIN_BORROWER_FEE) revert BorrowerFeeTooSmall();
    borrowerFee = _fee;
}

MIN_LENDER_FEE and MIN_BORROWER_FEE are constants that the protocol defines so that it always earns some protocol fees.
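The recommendation above needs the two errors and two constants declared before it compiles. The following is an added example, not code from the submission or from Beedle's Lender.sol: the contract name BoundedFees, the Unauthorized error, the simplified owner check, the MAX_* constant names and the MIN_* values of 1 are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not Beedle's Lender.sol. Ownership is simplified and
// the MIN_* values are placeholders; the page does not specify them.
contract BoundedFees {
    error Unauthorized();
    error FeeTooHigh();
    error LenderFeeTooSmall();
    error BorrowerFeeTooSmall();

    // Upper bounds are the literals checked in the page's setters.
    uint256 public constant MAX_LENDER_FEE = 5000;
    uint256 public constant MAX_BORROWER_FEE = 500;
    // Placeholder lower bounds (assumed values).
    uint256 public constant MIN_LENDER_FEE = 1;
    uint256 public constant MIN_BORROWER_FEE = 1;

    address public immutable owner;

    // Initial values must satisfy the bounds as well: an uninitialised
    // uint256 is 0, which the setter checks never get a chance to reject.
    uint256 public lenderFee = MIN_LENDER_FEE;
    uint256 public borrowerFee = MIN_BORROWER_FEE;

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert Unauthorized();
        _;
    }

    function setLenderFee(uint256 _fee) external onlyOwner {
        if (_fee > MAX_LENDER_FEE) revert FeeTooHigh();
        if (_fee < MIN_LENDER_FEE) revert LenderFeeTooSmall();
        lenderFee = _fee;
    }

    function setBorrowerFee(uint256 _fee) external onlyOwner {
        if (_fee > MAX_BORROWER_FEE) revert FeeTooHigh();
        if (_fee < MIN_BORROWER_FEE) revert BorrowerFeeTooSmall();
        borrowerFee = _fee;
    }
}
```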
