When calculating platformFee, the value should be rounded up.
When creating a taker, platformFee is calculated based on depositAmount and platformFeeRate.
However, platformFee is rounded down instead of rounded up, so the platform fee may not be charged even if the price value is non-trivial.
For example, Gemini USD only has 2 decimals, and its price is pegged to 1u. Assume depositAmount is and platformFeeRate is (), the platformFee will be rounded down to (199 * 5000 / 1000000), hence the loss is approximately 0.01u for each trade.
Major value leak to the protocol in the long run.
Manual Review
Round up when calculating platformFee.
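The rounding difference described above, modelled in Python as an added example (not code from the protocol or from this submission). It reuses the operands of the expression `199 * 5000 / 1000000`; the function names, `FEE_DENOMINATOR` and the uint256 overflow model are assumptions of this example.

```python
# Added illustration: models Solidity uint256 fee arithmetic in Python.
# All names here are hypothetical; only 199, 5000 and 1000000 come from the page.
UINT256_MAX = 2**256 - 1
FEE_DENOMINATOR = 1_000_000  # divisor in the page's expression


def _checked_mul(a: int, b: int) -> int:
    """Multiply as Solidity >= 0.8 does: fail instead of wrapping on overflow."""
    product = a * b
    if product > UINT256_MAX:
        raise OverflowError("uint256 multiplication overflow")
    return product


def fee_floor(deposit_amount: int, rate: int) -> int:
    """Rounded-down fee, the behaviour the finding describes."""
    return _checked_mul(deposit_amount, rate) // FEE_DENOMINATOR


def fee_ceil(deposit_amount: int, rate: int) -> int:
    """Rounded-up fee, the recommended behaviour.

    Uses quotient plus a remainder check rather than
    (product + FEE_DENOMINATOR - 1), so the rounding step itself
    cannot overflow when the product is close to UINT256_MAX.
    """
    product = _checked_mul(deposit_amount, rate)
    return product // FEE_DENOMINATOR + (1 if product % FEE_DENOMINATOR else 0)


def zero_fee_threshold(rate: int) -> int:
    """Smallest deposit (in base units) that pays a non-zero rounded-down fee."""
    if rate <= 0:
        raise ValueError("rate must be positive")
    return -(-FEE_DENOMINATOR // rate)  # ceil(FEE_DENOMINATOR / rate)


def leak(deposits, rate: int) -> int:
    """Base units of fee lost across trades by rounding down instead of up."""
    return sum(fee_ceil(d, rate) - fee_floor(d, rate) for d in deposits)


if __name__ == "__main__":
    # Constructed sample: 100 trades of 199 base units (1.99 of a 2-decimal token).
    print(fee_floor(199, 5000), fee_ceil(199, 5000))  # fee per trade, down vs up
    print(zero_fee_threshold(5000))                   # deposits below this pay nothing
    print(leak([199] * 100, 5000))                    # cumulative loss in base units
```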
Valid medium, this will indeed cause a leakage (albeit it requires a relatively small amount of collateral transacted, and is most significant for lower decimal tokens (does not break ERC20 specifications)), resulting in platFormFee rounding to zero and the creator of offers not sending fees to capitalPool when `_depositTokenWhenCreateTaker` is invoked. For issues noting rounding directions, it will be low severity given the impact is not proven sufficiently with a PoC/numerical example and most rounding will not result in significant losses. I believe the most appropriate solution here is to increase the scale of the platFormFees scalar, but to make sure that overflows are considered for higher decimal tokens.