Code4rena: CODE423N4:2022-10-TRADERJOE-FINDINGS-ISSUES-506
Nov 14, 2022 - 12:00 a.m.

Upgraded Q -> M from #403 [1668467487185]


Judge has assessed an item in Issue #403 as M risk. The relevant finding follows:

  1. No upper limit check on flash loan fee
    No upper limit check on setFlashLoanFee(). Although only admin can set this, human error can lead to higher percentage swap, leading to excess swap and gas fee. Or admin can rug pull users by front-running flash loan transaction and setting unreasonably high fee.

```solidity
function setFlashLoanFee(uint256 _flashLoanFee) external override onlyOwner {
    uint256 _oldFlashLoanFee = flashLoanFee;

    if (_oldFlashLoanFee == _flashLoanFee) revert LBFactory__SameFlashLoanFee(_flashLoanFee);

    // No upper bound is enforced on _flashLoanFee before it is stored.
    flashLoanFee = _flashLoanFee;
    emit FlashLoanFeeSet(_oldFlashLoanFee, _flashLoanFee);
}
```
<https://github.com/code-423n4/2022-10-traderjoe/blob/79f25d48b907f9d0379dd803fc2abc9c5f57db93/src/LBFactory.sol#L474-L481>
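
One way to add the missing bound, shown as an added example that is not the project's code or the warden's: a stand-alone contract in which `MAX_FLASH_LOAN_FEE`, its 10% value, the 1e18 fee precision and the error names are assumptions for illustration. A fixed cap bounds what a mistyped value or a front-running owner can charge; it does not remove the owner's ability to change the fee within that bound.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.10;

// Added illustration: a stand-alone contract, not the project's LBFactory.
contract FlashLoanFeeConfig {
    // Assumption: fees are fractions of 1e18 (1e18 = 100%); the page does not state the precision.
    uint256 public constant MAX_FLASH_LOAN_FEE = 0.1e18; // hypothetical cap of 10%

    address public immutable owner;
    uint256 public flashLoanFee;

    event FlashLoanFeeSet(uint256 oldFlashLoanFee, uint256 newFlashLoanFee);

    error NotOwner();
    error SameFlashLoanFee(uint256 flashLoanFee);
    error FlashLoanFeeAboveMax(uint256 fee, uint256 maxFee); // hypothetical error name

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    function setFlashLoanFee(uint256 _flashLoanFee) external onlyOwner {
        uint256 _oldFlashLoanFee = flashLoanFee;

        if (_oldFlashLoanFee == _flashLoanFee) revert SameFlashLoanFee(_flashLoanFee);
        // The check the finding asks for: reject any value above a fixed bound,
        // so neither a typo nor a malicious owner can set an arbitrary fee.
        if (_flashLoanFee > MAX_FLASH_LOAN_FEE) {
            revert FlashLoanFeeAboveMax(_flashLoanFee, MAX_FLASH_LOAN_FEE);
        }

        flashLoanFee = _flashLoanFee;
        emit FlashLoanFeeSet(_oldFlashLoanFee, _flashLoanFee);
    }
}
```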

