Tadle

DeFi
30,000 USDC
Submission Details
Severity: medium
Valid

Platform Fees Can Be Bypassed for Low Decimal Standard ERC20 Tokens

Summary

Vulnerability Details

In the PreMarkets.sol contract, the platform fee calculation can be bypassed for ERC20 tokens with low decimal precision, such as Gemini USD (GUSD), which has only 2 decimals. This issue arises due to the way the platform fee is calculated using a fixed decimal scaler (PLATFORM_FEE_DECIMAL_SCALER), which does not account for tokens with fewer than 18 decimals.

uint256 platformFee = depositAmount.mulDiv(
platformFeeRate,
Constants.PLATFORM_FEE_DECIMAL_SCALER
);

And the constant definition in Constants.sol:

uint256 internal constant PLATFORM_FEE_DECIMAL_SCALER = 1_000_000;

Example:
Let's say

depositAmount: 100e2 (100 GUSD, since GUSD has 2 decimals)

platformFeeRate: 0.5%, i.e. 50

uint256 platformFee = 10,000 * 50 / 1,000,000;
uint256 platformFee = 500,000 / 1,000,000;
uint256 platformFee = 0;

As we can see from the above, integer division rounds the fee down to zero, so the platform fee is bypassed.

Note that this is only one example; refer below for a list of tokens with fewer than 18 decimals:

https://gist.githubusercontent.com/lukas-berlin/f587086f139df93d22987049f3d8ebd2/raw/1f937dc8eb1d6018da59881cbc633e01c0286fb0/Tokens missing return values in transfer
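The calculation above, worked through for several token precisions, as an added Python model (not code from the Tadle project). It reproduces the floor rounding of a `mulDiv`-style helper using the report's values (`PLATFORM_FEE_DECIMAL_SCALER = 1_000_000`, `platformFeeRate = 50`), computes the deposit size below which the floored fee is zero, and shows the same fee with rounding flipped to ceiling, which is one way a defender can guarantee a non-zero fee whenever the rate and the deposit are non-zero. The token list, the 100-token deposit and the `round_up` flag are constructed for illustration.

```python
from decimal import Decimal

# Values taken from the report: the constant in Constants.sol and the example rate.
PLATFORM_FEE_DECIMAL_SCALER = 1_000_000
PLATFORM_FEE_RATE = 50

# Constructed sample of tokens with their on-chain decimals (GUSD 2, USDC 6, DAI 18).
TOKENS = {"GUSD": 2, "USDC": 6, "DAI": 18}


def mul_div(a: int, b: int, denominator: int, round_up: bool = False) -> int:
    """Model of a mulDiv helper: a * b / denominator with a chosen rounding rule.

    Python integers are unbounded, so this reproduces only the rounding behaviour,
    not the overflow protection a Solidity library provides. The default (floor)
    is what the fee formula in the report uses; round_up=True models the hardened
    variant that rounds the fee in favour of the protocol.
    """
    if denominator == 0:
        raise ZeroDivisionError("mulDiv by zero")
    product = a * b
    quotient = product // denominator
    if round_up and product % denominator:
        quotient += 1
    return quotient


def platform_fee(deposit_amount: int, fee_rate: int = PLATFORM_FEE_RATE,
                 round_up: bool = False) -> int:
    """Fee in token base units: floor as in PreMarkets.sol, or ceiling when round_up is set."""
    return mul_div(deposit_amount, fee_rate, PLATFORM_FEE_DECIMAL_SCALER, round_up)


def fee_free_threshold(fee_rate: int = PLATFORM_FEE_RATE,
                       scaler: int = PLATFORM_FEE_DECIMAL_SCALER) -> int:
    """Smallest deposit (base units) whose floored fee is non-zero.

    floor(d * rate / scaler) >= 1  <=>  d >= ceil(scaler / rate).
    Every deposit strictly below this value pays no fee at all.
    """
    return -(-scaler // fee_rate)  # ceiling division with integers


def to_token_units(base_units: int, decimals: int) -> Decimal:
    """Convert base units to a human-readable token amount for the given precision."""
    return Decimal(base_units) / (Decimal(10) ** decimals)


def leakage_table(deposit_tokens: int = 100) -> dict:
    """Deposit `deposit_tokens` whole tokens of each sample token and compare the
    fee under floor vs. ceiling rounding, plus the fee-free deposit size in tokens."""
    rows = {}
    for symbol, decimals in TOKENS.items():
        deposit = deposit_tokens * 10 ** decimals
        rows[symbol] = {
            "deposit_base_units": deposit,
            "fee_floor": platform_fee(deposit),
            "fee_ceil": platform_fee(deposit, round_up=True),
            "fee_free_below_tokens": to_token_units(fee_free_threshold(), decimals),
        }
    return rows


if __name__ == "__main__":
    for symbol, row in leakage_table().items():
        print(symbol, row)
```

Running the table shows why precision, not the fee rate alone, decides the outcome: with the page's numbers a GUSD deposit of 100e2 base units pays a floored fee of 0 while the ceiling variant charges 1 base unit, and any GUSD deposit below 200 tokens is fee-free, whereas the same threshold is 0.02 USDC or a negligible fraction of a DAI. Note that scaling both the rate and `PLATFORM_FEE_DECIMAL_SCALER` by the same factor leaves the quotient unchanged, so a larger scaler helps only if the fee rate can then be expressed more precisely; the rounding direction (or a minimum-fee check) is what removes the zero-fee case.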

Impact

Platform fees can be bypassed

Tools Used

Recommendations

Updates

Lead Judging Commences

0xnevi Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding-PreMarkets-tradeTax-round-down-low-decimal

Valid medium, this will indeed cause a leakage (albeit requires relatively small amount of collateral transacted, and is most significant for lower decimal tokens (does not break ERC20 specifications)), resulting in platformFee rounding to zero and creator of offers not sending fees to capitalPool when `_depositTokenWhenCreateTaker` is invoked. For issues noting rounding directions, it will be low severity given the impact is not proven sufficiently with a PoC/numerical example and most rounding will not result in significant losses. I believe the most appropriate solution here is to increase scale of platformFees scalar, but to make sure that overflows are considered for higher decimal tokens.
