Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: medium
Valid

Loss of Bonus for Referrers and Authorities Due to Precision Error

Summary

A precision error in the calculation of bonuses for referrers and authorities leads to potential loss of their rewards.

Vulnerability Details

Key Variables

Context

When users call PreMarkets::createOffer to create stock, they are charged a platformFee using the platformFeeRate. The platformFeeRate is always <= PLATFORM_FEE_DECIMAL_SCALER, as enforced in SystemConfig::updateUserPlatformFeeRate:

function updateUserPlatformFeeRate(
    address _accountAddress,
    uint256 _platformFeeRate
) external onlyOwner {
    require(
        _platformFeeRate <= Constants.PLATFORM_FEE_DECIMAL_SCALER,
        "Invalid platform fee rate"
    );
    userPlatformFeeRate[_accountAddress] = _platformFeeRate;
    emit UpdateUserPlatformFeeRate(_accountAddress, _platformFeeRate);
}

The platformFee is shared between the platform, referrer, and authority. While the role of the authority is not clearly defined in Tadle's documentation, the referrer is described as follows:

"Users can share their referral link and refer their friends and peers to trade on Tadle. Once the peers have signed up and completed a trade on Tadle, the referrer will earn a 30% commission on their referred peers’ transaction fees."
Tadle Referral Program

The Problem

The way referrerReferralBonus and authorityReferralBonus are calculated can lead to situations where these actors receive zero fees due to precision issues.

uint256 referrerReferralBonus = platformFee.mulDiv(
    referralInfo.referrerRate,
    Constants.REFERRAL_RATE_DECIMAL_SCALER,
    Math.Rounding.Floor
);
uint256 authorityReferralBonus = platformFee.mulDiv(
    referralInfo.authorityRate,
    Constants.REFERRAL_RATE_DECIMAL_SCALER,
    Math.Rounding.Floor
);

Note that referralInfo.referrerRate is always less than REFERRAL_RATE_DECIMAL_SCALER, as enforced in SystemConfig::updateReferrerInfo.

Proof of Concept

This Proof of Concept (PoC) demonstrates how referrers and authorities can miss out on their bonuses due to precision errors.

Consider a scenario where a user makes a 1,000 wei trade. Let's assume:

  • depositAmount: 1,000 wei

  • platformFeeRate: 500,000

  • referralRate: 300,000 (30%)

The platformFee would be calculated as follows:

platformFee = (1_000 wei * 500_000) / 1_000_000 = 0 wei

Since the platformFee is 0 wei, the referrerReferralBonus and authorityReferralBonus would also be 0 wei:

referrerReferralBonus = 0 wei
authorityReferralBonus = 0 wei

This results in the referrer and authority receiving no bonuses.

Impact

Referrers lose their rewards. Although the loss per transaction is small, the frequency of this issue makes it significant.

Tools Used

Manual

Recommendations

Scale all variables in the calculation to the same decimal precision to avoid precision errors.
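The two floored divisions described above can be modelled with plain integers to see where a bonus truncates to zero and how much accumulates over many small trades. This is an added example, not code from the report or from Tadle: the 0.5% fee rate, the deposit values, both scaler values of 1_000_000 (read off the PoC arithmetic and the "300,000 (30%)" figure) and the `single_step_bonus` reading of the recommendation are assumptions.

```python
# Added illustration, not Tadle code. Python ints model Solidity's
# mulDiv(x, y, d, Math.Rounding.Floor) as floor(x * y / d).
PLATFORM_FEE_DECIMAL_SCALER = 1_000_000   # denominator used in the page's PoC arithmetic
REFERRAL_RATE_DECIMAL_SCALER = 1_000_000  # assumed from "300,000 (30%)"


def mul_div_floor(x, y, denominator):
    return (x * y) // denominator


def ceil_div(a, b):
    return -(-a // b)


def two_step_bonus(deposit, fee_rate, bonus_rate):
    """Return (platform_fee, bonus): the bonus is floored from an already floored fee."""
    fee = mul_div_floor(deposit, fee_rate, PLATFORM_FEE_DECIMAL_SCALER)
    bonus = mul_div_floor(fee, bonus_rate, REFERRAL_RATE_DECIMAL_SCALER)
    return fee, bonus


def single_step_bonus(deposit, fee_rate, bonus_rate):
    """Hypothetical fix: keep full precision and floor once.
    A Solidity port must bound the triple product against uint256 overflow."""
    scale = PLATFORM_FEE_DECIMAL_SCALER * REFERRAL_RATE_DECIMAL_SCALER
    return (deposit * fee_rate * bonus_rate) // scale


def min_deposit_two_step(fee_rate, bonus_rate):
    """Smallest deposit for which two_step_bonus pays a nonzero bonus."""
    min_fee = ceil_div(REFERRAL_RATE_DECIMAL_SCALER, bonus_rate)
    return ceil_div(min_fee * PLATFORM_FEE_DECIMAL_SCALER, fee_rate)


def referrer_shortfall(deposits, fee_rate, bonus_rate):
    """Bonus on the summed volume (one floor) minus what per-trade flooring paid."""
    paid = sum(two_step_bonus(d, fee_rate, bonus_rate)[1] for d in deposits)
    return single_step_bonus(sum(deposits), fee_rate, bonus_rate) - paid


if __name__ == "__main__":
    FEE_RATE, REFERRER_RATE = 5_000, 300_000  # constructed 0.5% fee; 30% rate from the page
    print(two_step_bonus(799, FEE_RATE, REFERRER_RATE))
    print(min_deposit_two_step(FEE_RATE, REFERRER_RATE))
    print(referrer_shortfall([799] * 100, FEE_RATE, REFERRER_RATE))
```

Deposits are in the token's smallest unit, so the zero-bonus threshold covers a larger share of real trade sizes for low-decimal tokens.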

Updates

Lead Judging Commences

0xnevi Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-tradeTax-round-down-low-decimal

Valid medium, this will indeed cause a leakage (albeit it requires a relatively small amount of collateral transacted, and is most significant for lower decimal tokens (does not break ERC20 specifications)), resulting in platFormFee rounding to zero and creator of offers not sending fees to capitalPool when `_depositTokenWhenCreateTaker` is invoked. For issues noting rounding directions, it will be low severity given the impact is not proven sufficiently with a PoC/numerical example and most rounding will not result in significant losses. I believe the most appropriate solution here is to increase scale of platFormFees scalar, but to make sure that overflows are considered for higher decimal tokens.
