This repository has been archived by the owner on May 26, 2023. It is now read-only.

kenzo - Redeemer.setFee will always revert #53

Closed
sherlock-admin opened this issue Nov 10, 2022 · 4 comments

sherlock-admin commented Nov 10, 2022

kenzo

low

Redeemer.setFee will always revert

Summary

setFee will always revert because there is no way to set the feeChange variable.

Vulnerability Detail

Described above and below.

Impact

The Redeemer fee cannot be changed.

Code Snippet

The fee can only be changed via setFee function.
It reverts if feeChange==0:

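    function setFee(uint256 f) external authorized(admin) returns (bool) {
        uint256 feeTime = feeChange;
        // feeChange is never written anywhere, so feeTime is always 0 here
        if (feeTime == 0) {
            revert Exception(23, 0, 0, address(0), address(0));
        }
        // ... remainder of setFee not shown in the report
    }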

There is no way in the code to set feeChange.
Therefore the function will always revert and the fee cannot be changed.

Tool used

Manual Review

Recommendation

Add a function to change feeChange.

Duplicate of #34
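
The failure mode reported above, with a setter that makes the guarded path reachable, as an added Solidity example that is not the audited Redeemer contract or the project's fix. Only the `feeChange == 0` revert is taken from the report; the `Exception` parameter types, the timelock meaning of `feeChange`, `HOLD`, `NotReady`, `NotAdmin` and `scheduleFeeChange` are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Added illustration, not the audited contract. Everything except the
// `feeChange == 0` check in setFee is assumed for the sake of the example.
contract RedeemerFeeSketch {
    // Parameter types are assumed; the report only shows the call site.
    error Exception(uint8 code, uint256 a, uint256 b, address c, address d);
    error NotAdmin();
    error NotReady(uint256 readyAt);

    uint256 public constant HOLD = 3 days; // assumed delay before a change
    address public immutable admin;
    uint256 public fee;
    uint256 public feeChange; // 0 means no fee change is scheduled

    modifier authorized(address a) {
        if (msg.sender != a) revert NotAdmin();
        _;
    }

    constructor() {
        admin = msg.sender;
    }

    // The missing writer: without it feeChange stays 0 for the life of the
    // contract and setFee can never get past its first check.
    function scheduleFeeChange() external authorized(admin) returns (bool) {
        feeChange = block.timestamp + HOLD;
        return true;
    }

    function setFee(uint256 f) external authorized(admin) returns (bool) {
        uint256 feeTime = feeChange;
        if (feeTime == 0) {
            revert Exception(23, 0, 0, address(0), address(0));
        }
        // Assumed continuation: enforce the delay, then apply the fee.
        if (block.timestamp < feeTime) {
            revert NotReady(feeTime);
        }
        fee = f;
        feeChange = 0; // each change requires a fresh schedule
        return true;
    }
}
```

A review check that catches this class of bug: for every storage variable read in a guard, confirm at least one reachable function writes it.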


KenzoAgada commented Nov 22, 2022

Escalate for 100 USDC
This is a clear duplicate of #34.
[edit: after submitting this, the sponsor has written in #34 that the main can be perhaps downgraded to low (as I've rated it here) as no user funds are at risk. This is a legitimate point. But if it is downgraded, other issues in which no funds are at risk should also probably be downgraded: from a quick glance #223, #195, #99, #41, #40.]


sherlock-admin commented Nov 22, 2022

Escalate for 100 USDC
This is a clear duplicate of #34.
[edit: after submitting this, the sponsor has written in #34 that the main can be perhaps downgraded to low (as I've rated it here) as no user funds are at risk. This is a legitimate point. But if it is downgraded, other issues in which no funds are at risk should also probably be downgraded: from a quick glance #223, #195, #99, #41, #40.]

You've created a valid escalation for 100 USDC!

To remove the escalation from consideration: Delete your comment.
To change the amount you've staked on this escalation: Edit your comment (do not create a new comment).

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.


Evert0x commented Nov 25, 2022

Escalation accepted

@sherlock-admin

Escalation accepted

This issue's escalations have been accepted!

Contestants' payouts and scores will be updated according to the changes made on this issue.
