Submission Details
Impact:
Likelihood:
Missing Fee Bounds Validation in `ChangeFee`
Description:
The ChangeFee function allows setting buy and sell fees to any value, even excessively high ones, with no validation.
Impact:
The owner could set fees to extreme values (e.g., 100%), rendering trading impossible or capturing exorbitant protocol revenue, harming users.
Proof of Concept: TODO add test
Test could set fee to an unreasonable value:
function test_FeeBoundsValidation() public {
uint24 maxFee = 1000000; // Over maximum allowed fee (100%)
rebateHook.ChangeFee(true, maxFee, false, 0);
(uint24 buyFee, ) = rebateHook.getFeeConfig();
assertEq(buyFee, maxFee);
}
Mitigation:
Enforce max fee values, e.g., no more than 10% (100,000 in Uniswap V4 fee units).
+ uint24 public constant MAX_FEE = 100000; // 10%
function ChangeFee(
bool _isBuyFee,
uint24 _buyFee,
bool _isSellFee,
uint24 _sellFee
) external onlyOwner {
- if(_isBuyFee) buyFee = _buyFee;
+ if(_isBuyFee) {
+ require(_buyFee <= MAX_FEE, "Buy fee exceeds maximum");
+ buyFee = _buyFee;
+ }
- if(_isSellFee) sellFee = _sellFee;
+ if(_isSellFee) {
+ require(_sellFee <= MAX_FEE, "Sell fee exceeds maximum");
+ sellFee = _sellFee;
+ }
}
Rewards breakdown
nSLOC
150This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.