Zaros Part 1
Zaros
DeFiFoundry
60,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Skew can be used to force users pay more fees

SBSecurity

Summary

Traders can be force intentionally or not to pay more fees, due to the nature of maker/taker fees. If order is executed before their (not frontrun, but keeper decided to execute it first), flips the skew, aka it goes to 0 and beyond will make the next order taker which is the case when user is paying more fee.

Vulnerability Details

When the skew is negative we should open longs to balance the price, but a malicious user can initiate an order, that is executed before the previous one, which already flips the skew to be positive, then when the first order is executed and since it is long it will bring the skew to +ve infinity and will pay taker (higher fee) skew = -5, order A = 5, order B = 6 order B is executed first, skew = 1, this pays maker fee for 5 tokens and taker fee for 1 token order A is executed second, skew = 6, this pays take fee for all the 5 tokens.

Impact

Traders will pay more fee if order before them flipped the skew.

Tools Used

Manual Review

Recommendations

Enforce sequential order execution by the keeper.

Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice

Appeal created

blckhv Submitter
about 1 year ago
inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.