Sablier Flow
Foundry, DeFi, 20,000 USDC

Submission Details
Severity: high
Status: Invalid

Incorrect calculation of amounts from fees during withdrawal

Summary

Incorrect calculation of amounts from fees during withdrawal

Vulnerability Details

When _withdraw() is called, a fee must be paid if protocolFee is greater than 0 (SablierFlow.sol:848).

From the comments, we understand that the fee is expressed as a percentage, where 1e18 represents 100%, and the maximum fee is 0.1e18 (10%).

In the calculateAmountsFromFee function, the totalAmount is the input amount, and the fee has 18 decimals. This leads to an incorrect calculation of the feeAmount and netAmount.

function calculateAmountsFromFee(
    uint128 totalAmount,
    UD60x18 fee
)
    internal
    pure
    returns (uint128 feeAmount, uint128 netAmount)
{
    // Calculate the fee amount based on the fee percentage.
    feeAmount = ud(totalAmount).mul(fee).intoUint128();
    // Calculate the net amount after subtracting the fee from the total amount.
    netAmount = totalAmount - feeAmount;
}
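To let the reader check the claim against the judgement below, here is an added Python model of the fee split (example code, not from the report or from Sablier). It assumes PRBMath's UD60x18 semantics, mul as floor(x * y / 1e18) and div as floor(x * 1e18 / y), and uses constructed 6-decimal USDC amounts; it also runs the report's recommended variant side by side.

```python
UNIT = 10**18          # UD60x18 scale: 1e18 is 1.0, i.e. 100% when used as a fee
MAX_FEE = 10**17       # 0.1e18 = 10%, the maximum fee stated in the comments
UINT128_MAX = 2**128 - 1


def ud_mul(x: int, y: int) -> int:
    """UD60x18.mul: fixed-point product, floor(x * y / 1e18). Assumed semantics."""
    return x * y // UNIT


def ud_div(x: int, y: int) -> int:
    """UD60x18.div: fixed-point quotient, floor(x * 1e18 / y). Assumed semantics."""
    if y == 0:
        raise ZeroDivisionError("UD60x18 division by zero")
    return x * UNIT // y


def into_uint128(x: int) -> int:
    """intoUint128: revert if the value does not fit in uint128."""
    if x > UINT128_MAX:
        raise OverflowError("value does not fit in uint128")
    return x


def calculate_amounts_from_fee(total_amount: int, fee: int) -> tuple[int, int]:
    """Mirror of the contract: ud(totalAmount).mul(fee).intoUint128()."""
    if not 0 <= fee <= MAX_FEE:
        raise ValueError("fee must be between 0 and 0.1e18")
    fee_amount = into_uint128(ud_mul(total_amount, fee))
    return fee_amount, total_amount - fee_amount


def calculate_amounts_recommended(total_amount: int, fee: int) -> tuple[int, int]:
    """The report's recommendation: mul(fee).div(UD60x18.wrap(1e18))."""
    if not 0 <= fee <= MAX_FEE:
        raise ValueError("fee must be between 0 and 0.1e18")
    fee_amount = into_uint128(ud_div(ud_mul(total_amount, fee), UNIT))
    return fee_amount, total_amount - fee_amount


if __name__ == "__main__":
    usdc = 10**6                       # constructed: USDC has 6 decimals
    for total, fee in [(1_000 * usdc, MAX_FEE), (1_000 * usdc, 5 * 10**16), (7, MAX_FEE)]:
        print(total, fee, calculate_amounts_from_fee(total, fee),
              calculate_amounts_recommended(total, fee))
```

The last sample (7 base units at 10%) shows the floor rounding: the fee rounds down to 0 and the full amount goes to the user.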

Impact

  • Incorrect calculation of feeAmount and netAmount

  • The protocol receives more tokens than intended, while users withdraw fewer tokens than they should.

Tools Used

Manual code review

Recommendations

{
// Calculate the fee amount based on the fee percentage.
- feeAmount = ud(totalAmount).mul(fee).intoUint128();
+ feeAmount = ud(totalAmount).mul(fee).div(UD60x18.wrap(1e18)).intoUint128();
// Calculate the net amount after subtracting the fee from the total amount.
netAmount = totalAmount - feeAmount;
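
Review bot: the `+` line computes the same value as the `-` line it replaces, so the change is a no-op. `UD60x18.wrap(1e18)` is the fixed-point value 1.0 (the report itself notes that 1e18 represents 100%), and UD60x18 `div` rescales by 1e18 internally, so `.div(UD60x18.wrap(1e18))` returns its operand unchanged. The same scaling applies to `mul`: `ud(totalAmount).mul(fee)` already evaluates to `totalAmount * fee / 1e18`, i.e. `fee` applied as a fraction of `totalAmount`, which is consistent with the "Incorrect statement" reason given at judging. The hunk is also missing its closing `}` and any `@@` or file header, so it cannot be applied as a patch; include the full function context if this is meant to be a diff.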

Updates

Lead Judging Commences

inallhonesty, Lead Judge, about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
