Slow Tan Swallow
Medium
As stated in the README the fee address should not be trusted
Fee receiver should not have any additional access (beyond standard users), though if the fee receiver is set to owner/admin that's fine.
This implies that the fee address can be any address and should not have any privileges above that of a normal user.
However currently the fee receiver has more privileges than a normal user, as it can control when applyFees
works and when it doesn't. That's because applyFees
executes an arbitrary call to that address, from where on the address can re-ender and use a flash-loan to vouch and claim a huge part of the rewards or DOS the function (by reverting it).
if (protocolFee > 0) {
_depositProtocolFee(protocolFee);
}
When we consider that applyFees
is used in all core functions - vouchByProfileId
, increaseVouch
and unvouch
we can see that the address receiving the funds has a huge control over the contract.
Fee receiver being called mid function inside applyFees
No response
No response
- Any user calls
unvouch
- Fee receiver does not want that vouch to be reduced, so he reverts the call
- User is unable to reduce his vouch
README states that the fee receiver should not have any privileges above a normal user, however that's not true as that address can control all core functions and choose who can vouch for who.
Fee receiver should not have any additional access (beyond standard users), though if the fee receiver is set to owner/admin that's fine.
No response
Instead of sending the funds directly to the fee receiver, increase rewards
and allow them to claim.
function _depositProtocolFee(uint256 amount) internal {
- (bool success, ) = protocolFeeAddress.call{ value: amount }("");
- if (!success) revert FeeTransferFailed("Protocol fee deposit failed");
+ rewards[protocolFeeAddress] += amount
}