First Flight #18: T-Swap

Submission Details
Severity: high
Valid

Incorrect Fee Calculation in `TSwapPool::getInputAmountBasedOnOutput` Results in Excessive Fees for Users.

Summary

Incorrect Fee Calculation in `TSwapPool::getInputAmountBasedOnOutput` Results in Excessive Fees for Users.

Vulnerability Details

The `TSwapPool::getInputAmountBasedOnOutput` function is designed to calculate the amount of input tokens a user needs to provide to receive a specified amount of output tokens. However, the function miscalculates the fee: it scales the amount by 10,000 instead of 1,000.

Impact

Due to this incorrect scaling, the protocol charges users higher fees than intended, resulting in excessive token deductions and financial losses for users.
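
Added example (not part of the submission or the T-Swap code base): a Python model of the vulnerable and corrected expressions in truncating integer arithmetic, comparing each quote with the same expression stripped of its fee factor. The pool sizes and helper names are assumptions made for illustration.

```python
# Added illustration: integer model of TSwapPool::getInputAmountBasedOnOutput.
# Pool sizes and helper names are constructed for this example.
FEE_MULTIPLIER = 997   # from the page's formula
FIXED_SCALE = 1_000    # scale used by the recommended fix
BUGGY_SCALE = 10_000   # scale used by the vulnerable line


def input_for_output(output_amount, input_reserves, output_reserves, scale):
    """Mirror the Solidity expression; // truncates like uint256 division."""
    if output_amount == 0 or output_reserves == 0:
        raise ValueError("zero amount")  # stands in for revertIfZero
    if output_amount >= output_reserves:
        raise ValueError("output must be below reserves")
    numerator = input_reserves * output_amount * scale
    denominator = (output_reserves - output_amount) * FEE_MULTIPLIER
    return numerator // denominator


def fee_free_input(output_amount, input_reserves, output_reserves):
    """Same expression with the scale/997 fee factor removed."""
    return (input_reserves * output_amount) // (output_reserves - output_amount)


def markup_bps(quoted, baseline):
    """Markup of a quote over the fee-free input, in basis points."""
    return (quoted - baseline) * 10_000 // baseline


def overcharge_report(output_amount, input_reserves, output_reserves):
    args = (output_amount, input_reserves, output_reserves)
    buggy = input_for_output(*args, BUGGY_SCALE)
    fixed = input_for_output(*args, FIXED_SCALE)
    base = fee_free_input(*args)
    return {
        "no_fee": base, "fixed": fixed, "buggy": buggy,
        "excess_charged": buggy - fixed,
        "fixed_markup_bps": markup_bps(fixed, base),
        "buggy_markup_bps": markup_bps(buggy, base),
    }


if __name__ == "__main__":
    # Constructed pool: 1,000,000 of each token, user wants 10,000 out.
    for key, value in overcharge_report(10_000, 1_000_000, 1_000_000).items():
        print(f"{key:>18}: {value}")
```

On the constructed pool the corrected expression quotes 29 basis points above the fee-free input, while the vulnerable one quotes roughly ten times the corrected amount.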

Tools Used

Manual review

Recommendations

function getInputAmountBasedOnOutput(
uint256 outputAmount,
uint256 inputReserves,
uint256 outputReserves
)
public
pure
revertIfZero(outputAmount)
revertIfZero(outputReserves)
returns (uint256 inputAmount)
{
- return ((inputReserves * outputAmount) * 10_000) / ((outputReserves - outputAmount) * 997);
+ return ((inputReserves * outputAmount) * 1_000) / ((outputReserves - outputAmount) * 997);
}
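
Review bot: on the `+` line, `1_000` and `997` remain bare literals, which is the kind of setup that let the numerator scale drift away from the fee multiplier; declare both once as named constants and use them in this expression so the pair cannot be changed independently. Separately, the modifiers only reject a zero `outputAmount` or `outputReserves`, so a call with `outputAmount` equal to or above `outputReserves` reaches `(outputReserves - outputAmount)` and fails on a zero or underflowing denominator; an explicit check with a descriptive error would make that case clear. The division also truncates, so the returned `inputAmount` is rounded down; consider whether rounding up is the intended direction for an amount the user must pay.
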
Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect fee calculation in TSwapPool::getInputAmountBasedOnOutput causes protocol to take too many tokens from users, resulting in lost fees
