NFT Dealers

First Flight #58
Beginner Friendly, Foundry
100 EXP
Submission Details
Impact: low
Likelihood: high

[I-2] Comments of the `calculateFees` function are making a wrong assumption

Author: Revealed upon completion

Description

```solidity
function calculateFees(uint256 price) external pure returns (uint256) {
@>  // for testing purposes, we want to be able to call this function directly to check the fee calculation logic
@>  // must be removed before production deployment, as it can be gamed by malicious actors to calculate the fees for a given price and then use that information to game the system
    return _calculateFees(price);
}
```

However, this function is a simple wrapper around the `_calculateFees` pure function, which only processes public data. Even if that function is marked as internal, any actor who wants to replicate its behavior can process the same data externally.

Recommended Mitigation

Fix every vulnerability that can be exploited through this function.
