In the getCalculatedFee() method the fee is calculated with amount * price / fee_precision. If amount * price is smaller than fee_precision then the resulting fee will be smaller than 1. This will cause the set fee to be 0 while the actual cost is above 0.
Due to the way the fee is calculated in the getCalculatedFee method it is possible for the fee to be set to 0 when the actual cost is above 0. This happens when amount * price < fee_precision. A sophisticated attacker could use this to cause the smart contract to incur a loss repeatedly, causing the smart contract to run out of funds.
The ETH held in the smart contract.
Solidity
Set a minimum fee so that the fee can never be 0. If the calculated fee is 0 then set the fee to this minimum instead, preventing the smart contract from running a loss on transactions with a low calculated fee.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.