Submission Details
Severity:
Owner can set the feeRate to be greater than 100% and cause all future calls to exercise to revert
Summary
When the value of FeeRate (rate) is greater than HUNDRED PC (100%), it means that the rate exceeds the expected percentage
Vulnerability Details
File: contracts/SmartVaultV3.sol
161 uint256 fee = _amount * ISmartVaultManagerV3(manager).mintFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
170 uint256 fee = _amount * ISmartVaultManagerV3(manager).burnFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
208 uint256 requiredCollateralValue = minted * _manager.collateralRate() / _manager.HUNDRED_PC();
215 uint256 swapFee = _amount * ISmartVaultManagerV3(manager).swapFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
224 amountIn: _amount - swapFee,
Impact
As an example:
https://github.com/Cyfrin/2023-12-the-standard/blob/main/contracts/SmartVaultV3.sol#L214
If swapFee is greater than _amount, the value of amountIn will be calculated incorrectly, and the entire contract system will go wrong.
Tools Used
Manual review
Recommendations
Limit the value range of _rate
function setMintFeeRate(uint256 _rate) external onlyOwner {
require(_rate <= MAX_FEE_RATE, "Rate exceeds maximum fee rate.");
mintFeeRate = _rate;
}
function setBurnFeeRate(uint256 _rate) external onlyOwner {
require(_rate <= MAX_FEE_RATE, "Rate exceeds maximum fee rate.");
burnFeeRate = _rate;
}
function setSwapFeeRate(uint256 _rate) external onlyOwner {
require(_rate <= MAX_FEE_RATE, "Rate exceeds maximum fee rate.");
swapFeeRate = _rate;
}
Updates
Lead Judging Commences
hrishibhat over 1 year ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
informational/invalid
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
60933 USDC / LOC
17,500 USDC
2,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.