Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

Latest commit

 

History

History
23 lines (15 loc) · 761 Bytes

303.md

File metadata and controls

23 lines (15 loc) · 761 Bytes
Raw

hl_

medium

Possible attacks on users for fees paid

Summary

The rebalance function can be called by anyone, resulting in possible attacks on users in relation to fees paid.

Vulnerability Detail

The rebalance function in PerpDepository.sol can be called by anyone, and there is a fee to be paid. An attacker can call this function repeatedly on a user (at the appropriate rebalancing instances), causing the user to have to pay fees which user did not authorize.

Impact

Users having to pay fees which they did not authorize.

Code Snippet

https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/integrations/perp/PerpDepository.sol#L446-L470

Tool used

Manual Review

Recommendation

Include access controls to this function.