Submission Details
Severity:
Wrong Calculation of fee to be deducted in TSwapPool::getInputAmountBasedOnOutput, causing protocol to deduct more fees than it should
Summary
Wrong Calculation of fee to be deducted in TSwapPool::getInputAmountBasedOnOutput, causing protocol to deduct more fees than it should
Vulnerability Details
In TSwapPool::getInputAmountBasedOnOutput function it calculates inputAmount based on outputAmount,inputReserves, outputReserves and then when computing the fee it multiplies by a factor of 10000 instead 1000
Impact
The user gets more fees deducted from them than expected
Tools Used
Manual Review
Recommendations
function getInputAmountBasedOnOutput(
uint256 outputAmount,
uint256 inputReserves,
uint256 outputReserves
)
public
pure
revertIfZero(outputAmount)
revertIfZero(outputReserves)
returns (uint256 inputAmount)
{
- return ((inputReserves * outputAmount) * 10_000) / ((outputReserves - outputAmount) * 997);
+ return ((inputReserves * outputAmount) * 1_000) / ((outputReserves - outputAmount) * 997);
}
Updates
Appeal created
inallhonesty 11 months ago
Submission Judgement Published Assigned finding tags:
Incorrect fee calculation in TSwapPool::getInputAmountBasedOnOutput causes protocol to take too many tokens from users, resulting in lost fees
Rewards breakdown
nSLOC
276This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.