Admin can set arbitrary Flash Loan Fees #3
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-139
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-10-traderjoe/blob/79f25d48b907f9d0379dd803fc2abc9c5f57db93/src/LBFactory.sol#L474
Vulnerability details
Impact
The factory owner has power to set Flash Loan fees to any arbitrary amount . This can be potentially dangerous for users , especially if they don't check the amount of flash loan fees before calling the LBPair
flashLoan
function (by calling the factory contractflashLoanFee
variable directly to send the fees to the protocol in there callback function logic).Example:
FlashLoanFee = 500000000000000000
Contract A calls flashLoan function .
Unknowingly Sends 50% of flash loan as fees, as the contract transferred tokens by calling the factory contract directly instead of manually entering the fees to send.
Clearly the User is at a loss.
Proof of Concept
https://github.com/code-423n4/2022-10-traderjoe/blob/79f25d48b907f9d0379dd803fc2abc9c5f57db93/src/LBFactory.sol#L474
Tools Used
VsCode
Recommended Mitigation Steps
I recommend creating a sensible lower and upper limit in case of flash loan fees set by the owner.
The text was updated successfully, but these errors were encountered: