The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: low
Invalid

Unbounded fees can lead to vault being under-coll

Summary

Within the LiquidationPoolManager, specifically in the setPoolFeePercentage() function at line 84, the _poolFeePercentage parameter lacks defined upper or lower bounds.

Excessively large values assigned to this parameter can trigger reverts in multiple functions within the system.

Vulnerability Details

The setPoolFeePercentage function, located at line 84 in LiquidationPoolManager, enables an owner to set the poolFeePercentage to a specified value.

In this context, the pool fee represents a percentage of a transaction directed by the protocol to a designated reserve account. Transaction fees play a pivotal role in various essential transaction types conducted within the system.

In both the function and constructor of LiquidationPoolManager, there are no defined upper or lower bounds for this parameter. Therefore, users can pay higher fees.

Impact

The owner can potentially set the fee to 100%, which poses a significant concern for users. Fees should ideally have reasonable upper limits, for instance, 40%, to prevent potential griefing.

Tools Used

Manual Analysis

Recommendations

Consider defining upper and lower bounds in the setPoolFeePercentage function and constructor.
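
The recommendation above, sketched as an added Solidity example (not The Standard's code and not part of the submission): the constructor and setPoolFeePercentage share one validation path, so neither can store a fee above a cap. The contract name, the 1e5 percentage scale, the 40% cap, and the error, event and feeOn names are assumptions; no separate minimum is enforced because the unsigned type already bounds the fee at zero.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration, not The Standard's LiquidationPoolManager.
// Only setPoolFeePercentage and poolFeePercentage are names from the report;
// the scale, the cap and every other identifier are assumptions.
contract BoundedPoolFee {
    uint32 public constant HUNDRED_PERCENT = 100_000; // assumed scale: 1e5 = 100%
    uint32 public constant MAX_POOL_FEE = 40_000;     // assumed cap: 40%

    address public immutable owner;
    uint32 public poolFeePercentage;

    error NotOwner();
    error FeeOutOfBounds(uint32 requested, uint32 max);
    event PoolFeePercentageUpdated(uint32 previous, uint32 current);

    constructor(uint32 _poolFeePercentage) {
        owner = msg.sender;
        // Deployment with an out-of-range fee reverts, same as the setter.
        _setPoolFeePercentage(_poolFeePercentage);
    }

    function setPoolFeePercentage(uint32 _poolFeePercentage) external {
        if (msg.sender != owner) revert NotOwner();
        _setPoolFeePercentage(_poolFeePercentage);
    }

    // Single validation path shared by the constructor and the setter.
    function _setPoolFeePercentage(uint32 _fee) private {
        if (_fee > MAX_POOL_FEE) revert FeeOutOfBounds(_fee, MAX_POOL_FEE);
        emit PoolFeePercentageUpdated(poolFeePercentage, _fee);
        poolFeePercentage = _fee;
    }

    // Fee taken from an amount; can never exceed MAX_POOL_FEE / HUNDRED_PERCENT of it.
    function feeOn(uint256 amount) external view returns (uint256) {
        return (amount * poolFeePercentage) / HUNDRED_PERCENT;
    }
}
```

The emitted event gives monitoring a record of every fee change, including the initial value set at deployment.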

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

informational/invalid
