NFT Dealers

First Flight #58
Beginner Friendly
Foundry
100 EXP
Submission Details
Impact: low
Likelihood: high
Invalid

[I-2] Comments of the `calculateFees` function are making a wrong assumption

Description

```solidity
function calculateFees(uint256 price) external pure returns (uint256) {
@>  // for testing purposes, we want to be able to call this function directly to check the fee calculation logic
@>  // must be removed before production deployment, as it can be gamed by malicious actors to calculate the fees for a given price and then use that information to game the system
    return _calculateFees(price);
}
```

However, this function is a simple wrapper around the pure function `_calculateFees`, which processes public data. Even if it is marked as `internal`, this data can be processed externally by any actor who wants to replicate its behavior.

Recommended Mitigation

Fix every vulnerability that can be exploited through this function.

Updates

Lead Judging Commences

rubik0n Lead Judge 16 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

info

Appeal created

fuzz755 Submitter 16 days ago
rubik0n Lead Judge 13 days ago
rubik0n Lead Judge 8 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

info
