A configurable startFeeFraction with no upper bound can be claimed by the caller to a specified address.
The fee is not based on the gas cost, but on the _totalLent of the pool.
We believe this startFee reward is unnecessary and it creates a potential rug vector.
Given:
A malicious/compromised owner can first set the startFeeFraction to 0 and wait until the _startTime then do the following steps in one tx:
As a result, 4.9M USDC will be stolen by the attacker.
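The root cause described above is a fee parameter whose value is capped only by the owner's discretion. As an added illustration, not code from the project the issue reports on, the following Solidity sketch shows the mitigation a reviewer would expect: a hard upper bound on `startFeeFraction` enforced at the setter and re-applied when the fee is computed from `_totalLent`. The names `MAX_START_FEE_FRACTION`, `BPS` and the 1% cap are assumptions chosen for this example.

```solidity
// Added illustration, not the project's own contract: a start fee that is
// still a fraction of _totalLent (as in the report) but can never exceed a
// hard-coded cap. Fractions are expressed in basis points (1/10_000).
pragma solidity ^0.8.0;

contract BoundedStartFee {
    uint256 public constant BPS = 10_000;
    // Hard cap of 1% of the pool; an assumed value chosen for the example.
    uint256 public constant MAX_START_FEE_FRACTION = 100;

    address public owner;
    uint256 public startFeeFraction; // in basis points
    uint256 public _totalLent;       // assumed pool accounting variable

    error NotOwner();
    error FeeTooHigh(uint256 requested, uint256 max);

    constructor() {
        owner = msg.sender;
    }

    // Weak form for comparison: no bound, so the fraction can be set to cover
    // the whole of _totalLent.
    // function setStartFeeFraction(uint256 f) external { startFeeFraction = f; }

    // Hardened form: anything above the cap is rejected at configuration time,
    // so a later fee claim cannot be pointed at the bulk of the pool.
    function setStartFeeFraction(uint256 fraction) external {
        if (msg.sender != owner) revert NotOwner();
        if (fraction > MAX_START_FEE_FRACTION) {
            revert FeeTooHigh(fraction, MAX_START_FEE_FRACTION);
        }
        startFeeFraction = fraction;
    }

    // The fee is derived from _totalLent, but the cap is applied again here so
    // the amount is bounded even if the stored fraction were ever out of range.
    function startFee() public view returns (uint256) {
        uint256 fraction = startFeeFraction;
        if (fraction > MAX_START_FEE_FRACTION) {
            fraction = MAX_START_FEE_FRACTION;
        }
        return (_totalLent * fraction) / BPS;
    }
}
```

Capping at the setter limits what any owner key, compromised or not, can configure; re-checking in `startFee()` keeps the claim bounded independently of the setter, which is the property an auditor would want to verify rather than trusting that the setter is the only write path.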