Bauer
medium
Owner can set higher protocol fees to get funds from lender
The lenderAcceptBid() function is used for a lender to accept a proposed loan bid. Inside the function, the protocol will charge the lender an protocol fee. According to the docuemnt even the Admins/owners should not be able to steal funds from the protocol. However, owner can set higher protocol fees to get funds from lender.
TellerV2.sol
amountToProtocol = bid.loanDetails.principal.percent(protocolFee());
amountToMarketplace = bid.loanDetails.principal.percent(
marketRegistry.getMarketplaceFee(bid.marketplaceId)
);
amountToBorrower =
bid.loanDetails.principal -
amountToProtocol -
amountToMarketplace;
//transfer fee to protocol
bid.loanDetails.lendingToken.safeTransferFrom(
sender,
owner(),
amountToProtocol
);
ProtocolFee.sol
function setProtocolFee(uint16 newFee) public virtual onlyOwner {
// Skip if the fee is the same
if (newFee == _protocolFee) return;
uint16 oldFee = _protocolFee;
_protocolFee = newFee;
emit ProtocolFeeSet(newFee, oldFee);
}
Owner can steal funds from lender.
https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L522-L526 https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/ProtocolFee.sol#L44-L51
Manual Review