Platform: Code4rena
Start Date: 14/10/2022
Pot Size: $100,000 USDC
Total HM: 12
Participants: 75
Period: 9 days
Judge: GalloDaSballo
Total Solo HM: 1
Id: 171
League: ETH
Rank: 73/75
Findings: 1
Award: $0.01
Selected for report: 0
Solo Findings: 0
Selected for report: 0xSmartContract
Also found by: Aymen0909, Dravee, Josiah, M4TZ1P, Mukund, Nyx, SooYa, catchup, cccz, chaduke, csanuragjain, djxploit, hansfriese, ladboy233, leosathya, pashov, rvierdiiev, sorrynotsorry, supernova, vv7, wagmi, zzykxx
0.006 USDC - $0.01
An unexpected bump in fees impacting users. With the ability to change the fee, it's safe to assume that at some point the admin may choose to increase it. At that point, a careless user may have to pay a very high fee without knowing it. Some users may be more sensitive to this than others.
Bob wants to use flashloan() and wants to see the fee before using it. Bob checks the flashloan fee with flashLoanFee() and he's okay with the fee. He starts calculating whether he wants to use it or not, and decides to use it. But while he is calculating, the admin decides to change the flashloan fee. Bob doesn't check the flashloan fee again and uses flashloan(). He expects x amount of fee needs to be paid, but now he needs to pay more than that.
VS Code
Consider defining upper bounds on the flashLoanFee(), so the user can know how much he needs to pay at most.
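The recommended upper bound, sketched as an added example that is not part of the original finding or the audited project's code. The contract name, the 10% cap, the 1e18 precision and the `quoteFee` helper are assumptions. The caller-supplied `maxFeeRate` goes one step beyond the finding's recommendation, so that a fee change between Bob's check and his transaction reverts instead of charging him more.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

/// Hypothetical sketch of a bounded flash loan fee; not the audited contract.
contract CappedFlashLoanFee {
    error NotOwner();
    error FeeAboveCap(uint256 requested, uint256 cap);
    error FeeAboveCallerLimit(uint256 current, uint256 callerLimit);

    uint256 public constant PRECISION = 1e18;
    // Assumed hard cap: 10% of the borrowed amount. Users can read it once
    // and know the worst case, whatever the admin does later.
    uint256 public constant MAX_FLASH_LOAN_FEE = 1e17;

    address public immutable owner;
    uint256 public flashLoanFee; // public getter: flashLoanFee()

    event FlashLoanFeeSet(uint256 oldFee, uint256 newFee);

    constructor(uint256 initialFee) {
        owner = msg.sender;
        _setFee(initialFee);
    }

    function setFlashLoanFee(uint256 newFee) external {
        if (msg.sender != owner) revert NotOwner();
        _setFee(newFee);
    }

    // Single write path, so the cap also applies to the constructor value.
    function _setFee(uint256 newFee) private {
        if (newFee > MAX_FLASH_LOAN_FEE) revert FeeAboveCap(newFee, MAX_FLASH_LOAN_FEE);
        emit FlashLoanFeeSet(flashLoanFee, newFee);
        flashLoanFee = newFee;
    }

    /// Fee owed on `amount`. Reverts if the current rate exceeds the rate
    /// the caller accepted when building the transaction.
    function quoteFee(uint256 amount, uint256 maxFeeRate) public view returns (uint256) {
        uint256 rate = flashLoanFee;
        if (rate > maxFeeRate) revert FeeAboveCallerLimit(rate, maxFeeRate);
        // Round up so dust amounts cannot borrow for free.
        return (amount * rate + PRECISION - 1) / PRECISION;
    }
}
```

A flash loan entry point would call `quoteFee` with the borrower's `maxFeeRate` before transferring funds; the emitted `FlashLoanFeeSet` event lets off-chain monitoring alert on fee changes.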
#0 - Shungy
2022-10-24T09:49:50Z
I believe this finding to be technically partially valid but of lower severity if not disqualified.
My reasoning is stated in a similar finding: https://github.com/code-423n4/2022-10-traderjoe-findings/issues/472#issuecomment-1288454510
#1 - GalloDaSballo
2022-10-27T21:15:50Z
#2 - c4-judge
2022-11-23T18:38:07Z
GalloDaSballo marked the issue as not a duplicate
#3 - c4-judge
2022-11-23T18:39:06Z
GalloDaSballo marked the issue as duplicate of #139
#4 - Simon-Busch
2022-12-05T06:33:49Z
Marked this issue as Satisfactory as requested by @GalloDaSballo