4 matches found
feenominators are set incorrectly through setFee function
Lines of code Vulnerability details Impact feenominators supposed to be updated using the array of indexes i not the current position of array length d Proof of Concept The function updates the fenominatorsx instead of feenominatorsix for uint256 x; x len; if dx MINFEENOMINATOR revert Exception18...
Upgraded Q -> M from 286 [1654474962848]
Judge has assessed an item in Issue 286 as Medium risk. The relevant finding follows: No min/max fee rate Line Refrences Cally.solL119-121 Description Limits for the fee rate should be set to avoid mistakes when setting the fee. A fee rate that is over 100% could result in the exercise function n...
Upgraded Q -> M from 98 [1654475216526]
Judge has assessed an item in Issue 98 as Medium risk. The relevant finding follows: Set Limits on setFee A Malicious owner could set feeRate to = 100 1e18 / 100; which would give the entire value of an exercise transaction to the protocol, create a limit on the fees the owner can set. --- The te...
Add max fee in setFee and emit event
Lines of code Vulnerability details Impact Malicious owner can steal all ETH of a sell. Proof of Concept The function setFeeCallyNFT.sol is critical as it set the amount of ETH that the protocol will receive. A malicious owner can set the fee to 1e18 and all ETH after exercise will go to the owne...