Low Risk
https://github.com/Cyfrin/2023-12-the-standard/blob/c12272f2eec533019f2d255ab690f6892027f112/contracts/LiquidationPoolManager.sol#L28
https://github.com/Cyfrin/2023-12-the-standard/blob/c12272f2eec533019f2d255ab690f6892027f112/contracts/LiquidationPoolManager.sol#L84-L86
https://github.com/Cyfrin/2023-12-the-standard/blob/c12272f2eec533019f2d255ab690f6892027f112/contracts/SmartVaultManagerV5.sol#L103-L113
The contracts LiquidationPoolManager and SmartVaultManagerV5 allow their fee parameters (poolFeePercentage, mintFeeRate, burnFeeRate and swapFeeRate) to be set to unbounded values. The owner can therefore configure arbitrarily high fees, which would deter users, destabilise the protocol's economics and make its behaviour unpredictable.
Neither contract validates the fee parameters it stores. Specifically:
LiquidationPoolManager: poolFeePercentage (declared at L28) has no upper limit, and the owner-only setter at L84-86 assigns the supplied value directly, so the owner can define an excessive share of liquidation fees.
SmartVaultManagerV5: mintFeeRate, burnFeeRate and swapFeeRate are likewise unconstrained; the owner-only setters at L103-113 store whatever value is passed, so any fee percentage can be configured for minting, burning and swapping in the vaults.
Impact on LiquidationPoolManager.sol: because the liquidation fee split is driven by poolFeePercentage, an unchecked value lets the owner impose fees far beyond any reasonable level, distorting the market and creating unfair conditions for participants. The absence of a ceiling also undermines user confidence, since the fee can change to an arbitrary value at any time.
Impact on SmartVaultManagerV5.sol: unbounded mint, burn and swap fee rates have the same effect on vault users: exorbitant or unpredictable fees, adverse economic effects and an environment that users may reasonably perceive as exploitative.
Tools used: manual review.
Recommendation: add an explicit upper bound for every fee parameter (for example a MAX_FEE constant checked in each setter and wherever the same parameters are initialised) and revert with a clear error when a proposed rate exceeds it, so that excessively high fees cannot be imposed.
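The following Solidity is an added example written for this finding, not code from The Standard's repository. It shows the unbounded setter pattern described above beside a bounded version. It assumes the fixed-point convention that 100% is represented by a HUNDRED_PC constant of 1e5 (used here only for the worked arithmetic), and the 10% ceiling MAX_FEE_RATE is a placeholder; the contract names UnboundedFees and BoundedFees, the error FeeTooHigh, the event FeeUpdated and the helper poolShare are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example, not project code. Assumption: fee rates are expressed in
// 1e-5 units, so HUNDRED_PC == 100%. MAX_FEE_RATE is a placeholder ceiling.

/// Vulnerable pattern: the owner stores whatever value is supplied.
contract UnboundedFees {
    uint32 public constant HUNDRED_PC = 100000;
    address public immutable owner;
    uint32 public poolFeePercentage;

    constructor(uint32 _poolFeePercentage) {
        owner = msg.sender;
        poolFeePercentage = _poolFeePercentage; // no bound at deployment either
    }

    function setPoolFeePercentage(uint32 _poolFeePercentage) external {
        require(msg.sender == owner, "not owner");
        poolFeePercentage = _poolFeePercentage; // no upper bound
    }

    /// Share of `balance` a fee-distribution function would hand to the pool.
    /// With poolFeePercentage > HUNDRED_PC the result exceeds `balance` itself.
    function poolShare(uint256 balance) external view returns (uint256) {
        return balance * poolFeePercentage / HUNDRED_PC;
    }
}

/// Hardened pattern: one ceiling enforced on every write path.
contract BoundedFees {
    uint256 public constant HUNDRED_PC = 1e5;
    uint256 public constant MAX_FEE_RATE = HUNDRED_PC / 10; // placeholder: 10%

    address public immutable owner;
    uint32 public poolFeePercentage;
    uint256 public mintFeeRate;
    uint256 public burnFeeRate;
    uint256 public swapFeeRate;

    error NotOwner();
    error FeeTooHigh(uint256 requested, uint256 max);
    event FeeUpdated(bytes32 indexed fee, uint256 oldRate, uint256 newRate);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(uint32 _poolFeePercentage, uint256 _mintFeeRate, uint256 _burnFeeRate, uint256 _swapFeeRate) {
        owner = msg.sender;
        // Deployment values pass through the same guard as later updates, so a
        // constructor argument cannot bypass the bound the setters enforce.
        poolFeePercentage = uint32(_bounded(_poolFeePercentage));
        mintFeeRate = _bounded(_mintFeeRate);
        burnFeeRate = _bounded(_burnFeeRate);
        swapFeeRate = _bounded(_swapFeeRate);
    }

    /// Reverts with an explicit error instead of silently accepting any value.
    function _bounded(uint256 rate) internal pure returns (uint256) {
        if (rate > MAX_FEE_RATE) revert FeeTooHigh(rate, MAX_FEE_RATE);
        return rate;
    }

    function setPoolFeePercentage(uint32 _poolFeePercentage) external onlyOwner {
        uint256 checked = _bounded(_poolFeePercentage);
        emit FeeUpdated("pool", poolFeePercentage, checked);
        poolFeePercentage = uint32(checked); // safe: checked <= MAX_FEE_RATE < 2**32
    }

    function setMintFeeRate(uint256 _rate) external onlyOwner {
        uint256 checked = _bounded(_rate);
        emit FeeUpdated("mint", mintFeeRate, checked);
        mintFeeRate = checked;
    }

    function setBurnFeeRate(uint256 _rate) external onlyOwner {
        uint256 checked = _bounded(_rate);
        emit FeeUpdated("burn", burnFeeRate, checked);
        burnFeeRate = checked;
    }

    function setSwapFeeRate(uint256 _rate) external onlyOwner {
        uint256 checked = _bounded(_rate);
        emit FeeUpdated("swap", swapFeeRate, checked);
        swapFeeRate = checked;
    }

    /// Same arithmetic as above; the bound guarantees the result never exceeds `balance`.
    function poolShare(uint256 balance) external view returns (uint256) {
        return balance * poolFeePercentage / HUNDRED_PC;
    }
}
```

The same guard belongs in the setter at LiquidationPoolManager.sol L84-86 and the three setters at SmartVaultManagerV5.sol L103-113. The ceiling itself is a governance decision; the example's 10% is not a recommendation for this protocol. Whatever value is chosen, HUNDRED_PC is the hard maximum: as poolShare shows, any larger percentage computes a fee greater than the balance it is taken from, and the value is emitted in an event so that fee changes are observable off-chain.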