First Flight #3: Thunder Loan
First Flight #3
Beginner FriendlyFoundryDeFiOracle
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

There is no valid reason to check in `updateFlashLoanFee` function if `newFee > s_feePrecision`

tadev

Summary

The current implementation of updateFlashLoanFee is as follows :

function updateFlashLoanFee(uint256 newFee) external onlyOwner {
if (newFee > s_feePrecision) {
revert ThunderLoan__BadNewFee();
}
s_flashLoanFee = newFee;
}

There is no reason to add the check that verifies that newFee > s_feePrecision.

Vulnerability Details

Indeed, this checks only means the the new proposed fee by the admin shouldn't be greater than 100%. But this fee could theoretically be higher, 200% for example. This would mean , for example, that a user :

  • Needs to have 1000 tokens on the contract that calls flashloan function

  • In order to borrow 500 tokens from the flashloan service of the protocol

The scenario seems very unlikely, but it could still be possible. Hence, the sanity check for the proposed newFee doesn't seem necessary.

Impact

The impact is LOW as the probability of an owner setting s_flashLoanFee to more than 100% seems really low. Moreover, doing that would probably stop user from using the protocol.

Tools Used

Manual

Recommendations

I suggest to modify updateFlashLoanFee function to remove this check.

function updateFlashLoanFee(uint256 newFee) external onlyOwner {
s_flashLoanFee = newFee;
}

The custom error declaration should also be removed.

Updates

Lead Judging Commences

0xnevi Lead Judge
over 1 year ago
0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.