The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Need to ensure that the value of fee is greater than the value of HUNDRED_PC

acai

Summary

In order to prevent users from bypassing payment fees, it is necessary to ensure that the value of fee is greater than the value of HUNDRED_PC.

Vulnerability Details

When the fee calculation is involved in the mint and burn functions of the SmartVaultV3 contract, you need to ensure that the values of the two variables ISmartVaultManagerV3(manager).mintFeeRate() and ISmartVaultManagerV3(manager).burnFeeRate() are greater than HUNDRED_PC = 1e5. Otherwise, users can mint or burn a small amount of tokens to avoid paying fees.
Assuming mintFeeRate() = 1e3, the user can mint 99 EURO tokens each time to avoid paying fees. Because 99 * 1e3 < 1e5, and because of the nature of the solidity language, 99 * 1e3 / 1e5 = 0.
##Impact
Users can mint or burn small amounts of tokens to avoid paying fees.

Tools Used

Recommendations

function setMintFeeRate(uint256 _rate) external onlyOwner {
require(_rate > 1e5);
mintFeeRate = _rate;
}
function setBurnFeeRate(uint256 _rate) external onlyOwner {
require(_rate > 1e5);
burnFeeRate = _rate;
}
Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

informational/invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!