Platform: Code4rena
Start Date: 29/03/2024
Pot Size: $36,500 USDC
Total HM: 5
Participants: 72
Period: 5 days
Judge: 3docSec
Total Solo HM: 1
Id: 357
League: ETH
Rank: 28/72
Findings: 1
Award: $8.28
๐ Selected for report: 0
๐ Solo Findings: 0
๐ Selected for report: immeas
Also found by: 0xAkira, 0xCiphky, 0xGreyWolf, 0xJaeger, 0xMosh, 0xabhay, 0xlemon, 0xmystery, 0xweb3boy, Aamir, Abdessamed, Aymen0909, Breeje, DanielArmstrong, DarkTower, Dots, EaglesSecurity, FastChecker, HChang26, Honour, IceBear, JC, K42, Krace, MaslarovK, Omik, OxTenma, SAQ, Shubham, Stormreckson, Tigerfrake, Tychai0s, VAD37, ZanyBonzy, albahaca, arnie, ast3ros, asui, b0g0, bareli, baz1ka, btk, caglankaan, carrotsmuggler, cheatc0d3, dd0x7e8, grearlake, igbinosuneric, jaydhales, kaden, kartik_giri_47538, m4ttm, ni8mare, niser93, nonn_ac, oualidpro, pfapostol, pkqs90, popeye, radev_sw, samuraii77, slvDev, zabihullahazadzoi
8.2807 USDC - $8.28
https://github.com/code-423n4/2024-03-ondo-finance/blob/main/contracts/ousg/ousgInstantManager.sol#L554-L560 https://github.com/code-423n4/2024-03-ondo-finance/blob/main/contracts/ousg/ousgInstantManager.sol#L567-L573
The mintFee and redeemFee variables in the contract OUSGInstantManager.sol are basis points of the fees collected when minting and redeeming OUSG respectively.
There are checks to ensure these fees remain below a certain limit (200) before assignment, these checks and assignment occur in the setMintFee and setRedeemFee functions respectively. The major issue is that the developer seemed to have mixed up the variables that need to be checked before setting the new values.
The current incorrect implementation checks the old mintFee value (L407), the old redeemFee value (L415) rather than the incoming _mintFee and _redeemFee values.
This could be a small yet vital error that could potentially cause a loss of funds, considering it could lead to setting higher fees แนญhan users expect.
function setMintFee( uint256 _mintFee ) external override onlyRole(CONFIGURER_ROLE) { require(mintFee < 200, "OUSGInstantManager::setMintFee: Fee too high"); emit MintFeeSet(mintFee, _mintFee); mintFee = _mintFee; }
function setRedeemFee( uint256 _redeemFee ) external override onlyRole(CONFIGURER_ROLE) { require(redeemFee < 200, "OUSGInstantManager::setRedeemFee: Fee too high"); emit RedeemFeeSet(redeemFee, _redeemFee); redeemFee = _redeemFee; }
VSCode
To resolve this issue, correct the checks on the fees so they apply to the newly provided values _mintFee and _redeemFee instead of the old mintFee and redeemFee values. Here is the corrected implementation:
function setMintFee( uint256 _mintFee ) external override onlyRole(CONFIGURER_ROLE) { require(_mintFee < 200, "OUSGInstantManager::setMintFee: Fee too high"); emit MintFeeSet(mintFee, _mintFee); mintFee = _mintFee; } function setRedeemFee( uint256 _redeemFee ) external override onlyRole(CONFIGURER_ROLE) { require(_redeemFee < 200, "OUSGInstantManager::setRedeemFee: Fee too high"); emit RedeemFeeSet(redeemFee, _redeemFee); redeemFee = _redeemFee; }
Invalid Validation
#0 - c4-pre-sort
2024-04-04T04:49:48Z
0xRobocop marked the issue as duplicate of #181
#1 - c4-judge
2024-04-09T14:51:56Z
3docSec changed the severity to QA (Quality Assurance)
#2 - c4-judge
2024-04-09T14:52:15Z
3docSec marked the issue as grade-b