Omniscia Boson Protocol Audit

DRFeeMutualizer Manual Review Findings

DRF-01M: Improper Validation of Payment

Description:

The DRFeeMutualizer::returnDRFee function invokes FundsBase::validateIncomingPayment only when _returnedFeeAmount is greater than 0. When _returnedFeeAmount is 0 the validation is skipped, so the function incorrectly permits an arbitrary amount of native funds to be sent to it.

Impact:

Although not a present issue, the missing validation of the native amount when a _returnedFeeAmount of 0 is supplied can result in fund loss.

Example:

contracts/protocol/clients/DRFeeMutualizer.sol
    function returnDRFee(
        uint256 _exchangeId,
        uint256 _returnedFeeAmount
    ) external payable override onlyProtocol nonReentrant {
        FeeInfo storage feeInfo = feeInfoByExchange[_exchangeId];
        uint256 requestedFeeAmount = feeInfo.amount;
        if (requestedFeeAmount == 0) revert InvalidExchangeId();

        // Fee is being returned, add back to pool (if any)
        if (_returnedFeeAmount > 0) {
            validateIncomingPayment(feeInfo.token, _returnedFeeAmount);
            poolBalances[feeInfo.token] += _returnedFeeAmount;
        }

        delete feeInfoByExchange[_exchangeId];

        emit DRFeeReturned(_exchangeId, requestedFeeAmount, _returnedFeeAmount);
    }

Recommendation:

We advise invoking the FundsBase::validateIncomingPayment function unconditionally, preventing accidental fund loss in future integrations.
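
The conditional check from the exhibit beside the unconditional form recommended above, as an added sketch that is neither the Boson Protocol source nor the auditors' code. Assumptions: _validateIncomingPayment models FundsBase::validateIncomingPayment as requiring msg.value to equal the declared amount for the native token, denoted here by address(0); the contract name, seed, and the two payment errors are hypothetical; access modifiers and events are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: simplified model, not the Boson Protocol source.
contract ReturnFeeSketch {
    error InvalidExchangeId();
    error NativeAmountMismatch(); // hypothetical name
    error NativeNotAllowed(); // hypothetical name

    struct FeeInfo { address token; uint256 amount; }
    mapping(uint256 => FeeInfo) public feeInfoByExchange;
    mapping(address => uint256) public poolBalances;

    // Constructed fixture: registers a pending fee so both variants can be exercised.
    function seed(uint256 _exchangeId, address _token, uint256 _amount) external {
        feeInfoByExchange[_exchangeId] = FeeInfo(_token, _amount);
    }

    // ASSUMED behaviour of FundsBase::validateIncomingPayment: address(0) is the
    // native token, and msg.value must match the declared amount exactly.
    function _validateIncomingPayment(address _token, uint256 _amount) internal {
        if (_token == address(0)) {
            if (msg.value != _amount) revert NativeAmountMismatch();
        } else {
            if (msg.value != 0) revert NativeNotAllowed();
            // ERC-20 pull (transferFrom) omitted in this sketch.
        }
    }

    // Exhibit pattern: a zero amount skips the check, so msg.value is accepted but never credited.
    function returnDRFeeConditional(uint256 _exchangeId, uint256 _returnedFeeAmount) external payable {
        FeeInfo storage feeInfo = feeInfoByExchange[_exchangeId];
        if (feeInfo.amount == 0) revert InvalidExchangeId();
        if (_returnedFeeAmount > 0) {
            _validateIncomingPayment(feeInfo.token, _returnedFeeAmount);
            poolBalances[feeInfo.token] += _returnedFeeAmount;
        }
        delete feeInfoByExchange[_exchangeId];
    }

    // Recommended pattern: always validate, so a zero amount with non-zero msg.value reverts.
    function returnDRFeeUnconditional(uint256 _exchangeId, uint256 _returnedFeeAmount) external payable {
        FeeInfo storage feeInfo = feeInfoByExchange[_exchangeId];
        if (feeInfo.amount == 0) revert InvalidExchangeId();
        _validateIncomingPayment(feeInfo.token, _returnedFeeAmount);
        poolBalances[feeInfo.token] += _returnedFeeAmount;
        delete feeInfoByExchange[_exchangeId];
    }
}
```

A regression test for the fix would seed a native-token fee, call the function with _returnedFeeAmount of 0 and a non-zero value, and expect a revert.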

Alleviation (efd5d1a8f23c3bca7c25273ea4c912a367250119):

The code was updated to no longer support native payments directly and to instead support their wrapped variant, alleviating this exhibit.