Incorrect Update of `s_feePrecision` to `FEE_PRECISION` in `ThunderLoanUpgraded.sol`
Vulnerability Details
In the upgraded contract ThunderLoanUpgraded.sol, the s_feePrecision variable has been replaced with a constant FEE_PRECISION. However, the updateFlashLoanFee() and getFee() functions are referencing the s_feePrecision state variable, which no longer exists. ThunderLoanUpgraded.getFee() won't return the correct value and ThunderLoanUpgraded.updateFlashLoanFee() won't work since a constant cannot be updated.
Impact
Logical Inconsistency: The contract code references a variable that has been removed, which can lead to logical errors and unexpected behavior.
Potential for Bugs: This inconsistency can cause bugs in the calculation of fees or when setting new fees, leading to incorrect fee handling.
Contract Upgrade Integrity: Upgrading contracts requires careful management of state and constants. Such an inconsistency might indicate a flawed upgrade process.
Recommendations
-
Consistent References and modifying logic: Ensure that all references to
s_feePrecisionare updated toFEE_PRECISIONthroughout the upgraded contract and modify the updateFlashLoanFee() function logic to update the fees accordingly. -
Testing and Review: Thoroughly test the upgraded contract to ensure that the intended functionality is preserved and that the fee-related operations work as expected.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.