Tadle

DeFi
30,000 USDC
Submission Details
Severity: low
Invalid

`SystemConfig::getPlatformFeeRate` function returns incorrect information for non-users of the protocol

Links

https://github.com/Cyfrin/2024-08-tadle/blob/04fd8634701697184a3f3a5558b41c109866e5f8/src/core/SystemConfig.sol#L220-L226

Summary

The `SystemConfig::getPlatformFeeRate` function returns incorrect information when it is called for an address that is not a user of the protocol.

Vulnerability Details

The `SystemConfig::getPlatformFeeRate` function returns the platform fee rate for a given user:

```solidity
function getPlatformFeeRate(address _user) external view returns (uint256) {
    // @> no check that _user has actually created an order
    if (userPlatformFeeRate[_user] == 0) {
        return basePlatformFeeRate;
    }
    return userPlatformFeeRate[_user];
}
```

This function is called in `PreMarket::createTaker` with `msg.sender` as the parameter, and it works fine for that purpose: if the user has no platform fee rate yet (the user is new), the user receives `basePlatformFeeRate`.

The problem is that `getPlatformFeeRate` is `external` and can be called by anyone, including addresses that are not users of the protocol. For such an address `userPlatformFeeRate[_user]` is also 0, so the function returns `basePlatformFeeRate`. That is incorrect, because these addresses have not created an order and should not have a platform fee rate at all.

According to the comment above the function, the `_user` address should be an address that has created an order. This is never checked, so the address can belong to someone who has not created an order:

```solidity
 * @param _user address of user, create order by this user.
```

Impact

If `getPlatformFeeRate` is called for an address that is not a user of the protocol, the caller receives incorrect information (the base fee rate instead of an error).

Tools Used

Manual Review

Recommendations

The function `getPlatformFeeRate` is used only in the `PreMarket` contract. You can add a modifier that ensures `getPlatformFeeRate` can be called only from the `PreMarket` contract.
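One way to implement the recommended restriction, as an added example that is not Tadle's code: the `preMarket` and `owner` state variables, the `setPreMarket` / `setUserPlatformFeeRate` setters and the custom errors are assumed names, and the fee-rate lookup itself mirrors the function quoted above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative SystemConfig with getPlatformFeeRate restricted to the
/// PreMarket contract. Names other than the two fee-rate variables and
/// getPlatformFeeRate are assumptions for this example.
contract SystemConfigExample {
    address public owner;
    address public preMarket;                        // assumed: PreMarket address
    uint256 public basePlatformFeeRate;
    mapping(address => uint256) public userPlatformFeeRate;

    error NotOwner(address caller);
    error NotPreMarket(address caller);

    constructor(uint256 _baseRate) {
        owner = msg.sender;
        basePlatformFeeRate = _baseRate;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    /// Reverts unless the caller is the registered PreMarket contract.
    modifier onlyPreMarket() {
        if (msg.sender != preMarket) revert NotPreMarket(msg.sender);
        _;
    }

    function setPreMarket(address _preMarket) external onlyOwner {
        preMarket = _preMarket;
    }

    function setUserPlatformFeeRate(address _user, uint256 _rate) external onlyOwner {
        userPlatformFeeRate[_user] = _rate;
    }

    /// Same lookup as the original, but only PreMarket may call it, so an
    /// arbitrary address can no longer obtain a fee rate for a non-user.
    /// Caveat: an off-chain eth_call from any other `from` address now
    /// reverts; keep a separate public getter if such reads are needed.
    function getPlatformFeeRate(address _user) external view onlyPreMarket returns (uint256) {
        uint256 rate = userPlatformFeeRate[_user];
        return rate == 0 ? basePlatformFeeRate : rate;
    }
}
```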

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
