0xGoodess
medium
Protocol Fee does not have a cap
Protocol Fee does not have a cap
lender, without a way to specify the minimum amount of collateral they take(or max fee to pay), when accepting bid could face, at worst, paying all their lendingAmount as fee if the owner makes change to the protocol fee to 100%. In the spec: protocol aims to achieve a state where market owners SHOULD not be able to race-attack a mem-pool tx, and this setter without a cap is sub-optimal.
Market owners should NOT be able to race-condition attack borrowers or lenders by
changing market settings while bids are being submitted or accepted
(while tx are in mempool). Care has been taken to ensure that this is not possible
Manual Review
set a max cap in the setter
function setProtocolFee(uint16 newFee) public virtual onlyOwner {
// Skip if the fee is the same
if (newFee == _protocolFee) return;
require(newFee <= MAX_PROTOCOL_FEE); @> audit
uint16 oldFee = _protocolFee;
_protocolFee = newFee;
emit ProtocolFeeSet(newFee, oldFee);
}