A critical vulnerability exists in the UpliftOnlyExample contract where the swap fee calculation mechanism can be circumvented when interacting with tokens having low decimal precision. This vulnerability enables users to conduct substantial trades while evading fee payments, potentially causing significant protocol revenue leakage.
The vulnerability stems from integer division rounding behavior in the fee calculation logic of UpliftOnlyExample.sol:
https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-hooks/contracts/hooks-quantamm/UpliftOnlyExample.sol#L293-L299
Any amount where baseUnits * feeRate < 1e18 results in zero fees.
This can be easily achieved for very low decimal tokens. One such token is GUSD with decimals=2.
Systematic fee evasion through precision manipulation
Manual Review
Use fee brackets with minimum absolute fee
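The rounding condition and the recommended minimum fee, modelled in Python as an added example (not the contract's Solidity and not code from the finding). It assumes the fee is floor(amount * feeRate / 1e18) on raw base units, as stated above; the function names, the 0.3% fee rate and the 1-base-unit minimum are hypothetical sample values.

```python
from decimal import Decimal

WAD = 10**18  # 18-decimal fixed-point scale the fee rate is expressed in


def floor_fee(amount: int, fee_rate_wad: int) -> int:
    """Fee as the finding describes it: integer division truncates to zero."""
    return amount * fee_rate_wad // WAD


def zero_fee_ceiling(fee_rate_wad: int) -> int:
    """Largest amount in base units for which floor_fee() is still 0."""
    if fee_rate_wad <= 0:
        raise ValueError("fee rate must be positive")
    return (WAD - 1) // fee_rate_wad


def ceiling_in_tokens(fee_rate_wad: int, decimals: int) -> Decimal:
    """The same ceiling expressed in whole tokens for a given decimals value."""
    return Decimal(zero_fee_ceiling(fee_rate_wad)).scaleb(-decimals)


def fee_with_minimum(amount: int, fee_rate_wad: int, min_fee: int) -> int:
    """Mitigation sketch: round up, then enforce an absolute minimum fee."""
    if amount <= 0:
        return 0
    rounded_up = -((-amount * fee_rate_wad) // WAD)  # ceiling division
    return min(amount, max(rounded_up, min_fee))  # never exceed the amount


if __name__ == "__main__":
    FEE_RATE = 3 * 10**15  # constructed sample value: 0.3%
    samples = [("GUSD", 2), ("6-decimal token", 6), ("18-decimal token", 18)]
    for name, decimals in samples:
        limit = ceiling_in_tokens(FEE_RATE, decimals)
        print(f"{name}: fee-free up to {limit} tokens")
    edge = zero_fee_ceiling(FEE_RATE)
    print("floor fee at the ceiling:", floor_fee(edge, FEE_RATE))
    print("with a 1-base-unit minimum:", fee_with_minimum(edge, FEE_RATE, 1))
```

The fee-free ceiling is fixed in base units, so its value in whole tokens grows as decimals shrink, which is why the condition only matters for tokens such as GUSD.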
Likelihood: Very Low, tokens with 2 or fewer decimals and few fees. Impact: Low, bypass fees but for very few amounts, gas usage will be equivalent. (No reason to break a big swap in multiple)