Flow
Sablier
FoundryDeFi
20,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Protocol fee should roundup

0xg0p1

Summary

while calculating fee in calculateAmountsFromFee in Helpers.sol the code returns the value by rounding down.

Vulnerability Details

function calculateAmountsFromFee(
uint128 totalAmount,
UD60x18 fee
)
internal
pure
returns (uint128 feeAmount, uint128 netAmount)
{
// Calculate the fee amount based on the fee percentage.
feeAmount = ud(totalAmount).mul(fee).intoUint128();
// Calculate the net amount after subtracting the fee from the total amount.
netAmount = totalAmount - feeAmount;
}

In the above snippet, the fee is calculated as a percentage of the totalAmount. This fee could represent a protocol fee applied when a user withdraws or a broker fee. The issue here is that the fee calculation rounds down towards zero, resulting in small losses for the protocol. Although this may seem minor initially, as the protocol grows and this rounding occurs repeatedly, the accumulated loss could become significant due to the consistent rounding down.

Impact

This vulnerability leads to cumulative financial losses for the protocol due to repeated rounding down of fees. Over time, these small discrepancies add up, reducing revenue, impacting financial sustainability, and potentially requiring adjustments to fee rates to compensate.

Tools Used

Manual Review

Recommendations

Roundup while calculating fee

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.