Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

`LendingPool::setProtocolFeeRate()` allows the owner to set an unlimited protocol fee rate

patitonar

Summary

The LendingPool::setProtocolFeeRate function allows the owner to set an unlimited protocol fee rate, enabling them to extract arbitrary value from users.

Vulnerability Details

In LendingPool.sol, the setProtocolFeeRate function allows the owner to set the protocol fee rate without any upper bound:

function setProtocolFeeRate(uint256 newProtocolFeeRate) external onlyOwner {
rateData.protocolFeeRate = newProtocolFeeRate;
}

Since there is no maximum limit on newProtocolFeeRate, a malicious owner can:

  1. Keep fee rate at 0% to attract users

  2. After some time, update the fee rate to a large value (e.g., 100000%)

  3. Over the time, users will pay a large amount of fees to the owner

Impact

This can lead to complete loss of user funds with no upper bound on the potential loss amount.

Tools Used

Manual review

Recommendations

Add a maximum limit to the protocol fee rate:

function setProtocolFeeRate(uint256 newProtocolFeeRate) external onlyOwner {
+ require(newProtocolFeeRate <= MAX_PROTOCOL_FEE_RATE, "Fee rate exceeds maximum");
rateData.protocolFeeRate = newProtocolFeeRate;
}

Where MAX_PROTOCOL_FEE_RATE should be a reasonable value like 10% (1e26 in RAY).

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!