The SmartVaultManagerV5.sol contract contains functions to update swapFeeRate, burnFeeRate and mintFeeRate. However, these functions lack explicit upper bound checks to ensure that the provided values conform to the specified ranges.
In SmartVaultManagerV5.sol and in LiquidationPoolManager.sol, the functions setMintFeeRate(), setBurnFeeRate(), setSwapFeeRate() and setPoolFeePercentage() do not have an upper bound check, which means the fee charged to users can be set to 100%. The owner of the contract may set a fee of 0, but the functions should also enforce a maximum fee so that users are not treated unfairly: if the fee is suddenly changed to 100%, users will be left empty-handed when completing their transactions.
It should be noted that all of the above functions can only be accessed by the owner of the contract. In case of private key leakage, the fee in the above functions can be set to any value, because the current implementation allows it, and a malicious owner can do the same. One way to prevent this issue is to add maximum fee checks as require conditions in the above setter functions.
Loss of funds for users of the protocol if the fee is set to 100%, which is possible in the current implementation. Such an event would also damage the protocol's reputation in the market.
Manual review
Add upper bound checks to the fee setter functions so that the fee cannot be set above a maximum limit.
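A minimal sketch of the recommended check, added here as an illustration and not taken from the project's code. The contract name, FEE_DENOMINATOR, the 5% MAX_FEE_RATE, the owner handling, the custom errors and the event are assumptions; the same pattern applies to setPoolFeePercentage().

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration, not the project's code. The constants, errors, event
// and owner handling below are assumptions made for this sketch.
contract BoundedFeeManager {
    uint256 public constant FEE_DENOMINATOR = 100_000;         // assumed scale: 100% == 100_000
    uint256 public constant MAX_FEE_RATE = FEE_DENOMINATOR / 20; // assumed cap: 5%

    address public immutable owner;
    uint256 public mintFeeRate;
    uint256 public burnFeeRate;
    uint256 public swapFeeRate;

    error NotOwner();
    error FeeTooHigh(uint256 requested, uint256 maximum);
    event FeeRateUpdated(bytes32 indexed fee, uint256 oldRate, uint256 newRate);

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Single choke point for all setters. The cap is a compile-time constant,
    // so neither a malicious owner nor a leaked key can raise it. Zero is allowed.
    function _bounded(bytes32 fee, uint256 oldRate, uint256 newRate) private returns (uint256) {
        if (newRate > MAX_FEE_RATE) revert FeeTooHigh(newRate, MAX_FEE_RATE);
        emit FeeRateUpdated(fee, oldRate, newRate); // lets off-chain monitoring see every change
        return newRate;
    }

    function setMintFeeRate(uint256 _rate) external onlyOwner {
        mintFeeRate = _bounded("mint", mintFeeRate, _rate);
    }

    function setBurnFeeRate(uint256 _rate) external onlyOwner {
        burnFeeRate = _bounded("burn", burnFeeRate, _rate);
    }

    function setSwapFeeRate(uint256 _rate) external onlyOwner {
        swapFeeRate = _bounded("swap", swapFeeRate, _rate);
    }
}
```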