multiple rounding down during fee calculations in `onAfterRemoveLiquidity()` cause value leakage
Summary
Multiple consecutive rounding down operations during fee distribution in UpliftOnlyExample::onAfterRemoveLiquidity(), including a critical division rounding, cause cumulative value leakage over time, resulting in lost revenue for both the protocol and LPs.
Vulnerability Details
The contract performs multiple rounding down operations when calculating and distributing fees:
1- Initial division rounding down when setting fee percentage:
2- Second rounding down when calculating exit fee:
3- Third rounding down when calculating admin fee portion:
4- And last calculation with two consecutive rounding downs:
Impact
leakage of value on the long run
Tools Used
Manual Review
Recommendations
its better to round Up for fee calculations, cause it cost nothing for the user withdrawing, but leaks value on the long run for the admin
Lead Judging Commences
Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.