Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Bond Protocol>Threat Models>setReferrerFee
GeneralOverview
Findings
Medium (2)
Low (1)
Informational (3)
DiscussionRedundant safeTransfer callAssure token is activeRemove unchecked blockDouble-counted auctioneer
Threat ModelsWhat are threat models?BondAggregator.solBondBaseCallback.solBondBaseSDA.sol
BondBaseTeller.solsetReferrerFeesetProtocolFeeclaimFeespurchase_handleTransfers
BondFixedExpirySDA.solBondFixedExpiryTeller.solBondFixedTermSDA.solBondFixedTermTeller.sol
Audit ResultsResults

Function setReferrerFee(uint48 fee_) external

  1. Allow any user to set a fee value if their address will be used as Referrer address.

  2. There is a limit on the maximum fee value.

  3. This value can be used inside the purchase function to calculate toReferrer fee value. The user calling the purchase function controls the referrer_ address theirself, so there are no problems associated with this.

  4. Could be used to front-run users (as mentioned in audit #1)

Zellic © 2024Back to top ↑