Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2022-02-CONCUR-FINDINGS-ISSUES-242
HistoryFeb 09, 2022 - 12:00 a.m.

Unconstrained fee

2022-02-0900:00:00
Code4rena
github.com
2
JSON

Lines of code

Vulnerability details

Impact

Token fee in MasterChef can be set to more than 100%, (for example by accident) causing all deposit calls to fail due to underflow on subtraction when reward is lowered by the fee, thus breaking essential mechanics. Note that after the fee has been set to any value, it cannot be undone. A token cannot be removed, added, or added the second time. Thus, mistakenly (or deliberately, maliciously) added fee that is larger than 100% will make the contract impossible to recover from not being able to use the token.

Tools Used

Manual analysis

Recommended Mitigation Steps

On setting fee ensure that it is below a set maximum, which is set to no more than 100%.

The text was updated successfully, but these errors were encountered:

All reactions

JSON