Flashloan fee is not distributed to the factory

mediumCode4rena

Lines of code

https://github.com/code-423n4/2023-04-caviar/blob/main/src/PrivatePool.sol#L623-L654

Vulnerability details

Impact

Flashloan fee is not distributed to the factory

Proof of Concept

When user takes a flashloan, then he pays a fee to the PrivatePool. The problem is that the whole fee amount is sent to PrivatePool and factory receives nothing.

However, all other function of contract send some part of fees to the factory. For example, change function, which is similar to the flashloan as it doesn't change virtual nft and balance reserves. This function calculates pool and protocol fees.

But in case of flashloan, only pool receives fees.

Tools Used

VsCode

Recommended Mitigation Steps

Send some part of flashloan fee to the factory.

OneBugPerDay.com

To all the whitehats, we salute you

Legal

Advertise with us Privacy Policy Terms of Service Cookie Policy Acceptable Use

Unsubscribe

Unsubscribe from all emails Confirm unsubscribe via code

Subscribe via form Confirm subscription via code Change your Preferences

Made by Alex The Entreprenerd Vulnerabilities database by TinTinWeb