code-423n4/2024-08-phi-validation

No limit on `protocolFeePercent` in Cred Contract

c4-bot-8 opened this issue · 0 comments

Lines of code

https://github.com/code-423n4/2024-08-phi/blob/8c0985f7a10b231f916a51af5d506dd6b0c54120/src/Cred.sol#L91
https://github.com/code-423n4/2024-08-phi/blob/8c0985f7a10b231f916a51af5d506dd6b0c54120/src/Cred.sol#L147

Vulnerability details

Description

The protocolFeePercent is a critical parameter in the Cred contract, as it determines the fee deducted from every transaction. This fee is charged as a percentage of the transaction value and is transferred to the protocolFeeDestination. The value of protocolFeePercent can be modified by the contract owner through the initialize and setProtocolFeePercent functions.

However, there is no upper limit on it. The absence of a fixed upper limit on protocolFeePercent poses significant risks, including potential exploitation by the contract owner and severe economic consequences for users. This report examines the importance of implementing a cap on this fee and outlines the issues that can arise without such a safeguard.

The setProtocolFeePercent function allows the contract owner to set the protocolFeePercent to any value without restriction. Without an upper limit, the owner could set an excessively high fee percentage, leading to disproportionate fees on transactions. For instance, if the fee is set to 100% or higher, users could lose the entire value of their transactions to fees.

The ability to set an arbitrarily high fee percentage introduces a significant risk of exploitation, especially if the contract owner becomes malicious or the contract is compromised. In such a scenario, the owner could change the fee to an exorbitantly high value, effectively stealing funds from users who continue to transact with the contract.

Impact

If the protocolFeePercent is set to an unreasonably high value, users could lose significant portions of their funds during transactions, leading to financial losses and dissatisfaction. The centralized control over transaction fees by the contract owner could be perceived as a security risk. In decentralized systems, such power is often distributed or heavily regulated to prevent misuse.

Tools Used

Manual Review

Recommendation

A reasonable upper limit (e.g., 10%) should be enforced on protocolFeePercent to prevent excessive fee setting. This limit can be hard-coded or introduced as a maximum allowable value in the initialize and setProtocolFeePercent functions.
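One way to enforce the recommended cap in both the initialization path and the setter, as an added illustration that is not code from Cred.sol; the basis-point denominator, the 10% constant, the owner check and the error and event names are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example, not the Cred contract: a fee setter bounded by a hard-coded maximum.
/// Assumptions: fees are expressed in basis points (10_000 == 100%) and the cap is 10%.
contract CappedProtocolFee {
    error Unauthorized();
    error FeeTooHigh(uint256 requested, uint256 max);
    event ProtocolFeePercentUpdated(uint256 oldFee, uint256 newFee);

    uint256 public constant FEE_DENOMINATOR = 10_000;         // 100% == 10_000 bps (assumed scale)
    uint256 public constant MAX_PROTOCOL_FEE_PERCENT = 1_000; // 10% cap, per the recommendation

    address public immutable owner;
    uint256 public protocolFeePercent;

    constructor(uint256 initialFee) {
        owner = msg.sender;
        // The same bound applies at initialization, not only on later updates.
        _setProtocolFeePercent(initialFee);
    }

    function setProtocolFeePercent(uint256 newFee) external {
        if (msg.sender != owner) revert Unauthorized();
        _setProtocolFeePercent(newFee);
    }

    /// Shared setter so initialize-time and later updates are checked identically.
    function _setProtocolFeePercent(uint256 newFee) internal {
        if (newFee > MAX_PROTOCOL_FEE_PERCENT) {
            revert FeeTooHigh(newFee, MAX_PROTOCOL_FEE_PERCENT);
        }
        emit ProtocolFeePercentUpdated(protocolFeePercent, newFee);
        protocolFeePercent = newFee;
    }

    /// Fee deducted from `amount`; with the cap in place it can never exceed 10% of `amount`.
    function protocolFee(uint256 amount) public view returns (uint256) {
        return amount * protocolFeePercent / FEE_DENOMINATOR;
    }
}
```

Emitting an event on every change also gives off-chain monitoring a signal to alert on any fee update, even one within the cap.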

Assessed type

Other