QuantAMM

49,600 OP
Submission Details
Severity: medium
Valid

Precision loss makes it highly likely that no fees will be paid

Summary

Precision loss in onAfterRemoveLiquidity makes it highly likely that no fees will be paid.

Vulnerability Details

localData.lpTokenDepositValueChange =
(int256(localData.lpTokenDepositValueNow) - int256(localData.lpTokenDepositValue)) /
int256(localData.lpTokenDepositValue);

Fees depend on localData.lpTokenDepositValueChange, which is susceptible to significant precision loss because the expression uses integer division. localData.lpTokenDepositValueChange will only be > 0 when int256(localData.lpTokenDepositValueNow) - int256(localData.lpTokenDepositValue) >= int256(localData.lpTokenDepositValue). So there can be an uplift of up to 99.99% on a token and still no fees are incurred.

Impact

It is highly unlikely for fees to be paid, or if fees are paid, the value of the fees will be less than they should actually be.

Tools Used

Manual review

Recommendations

Scale the lpTokenDepositValue change by multiplying by 1e18, or use a fixed-point math library such as the PRB Math library at this point in the code.
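The following added example, which is not QuantAMM's code, puts the truncating expression from the finding beside a variant that scales the numerator by 1e18 before dividing. The contract name, function names and the sample values in demo() are hypothetical and constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

/// Added illustration only; names are hypothetical, not taken from the audited code base.
contract UpliftPrecisionDemo {
    int256 private constant ONE = 1e18; // 18-decimal fixed-point unit

    /// Same shape as the expression quoted in the finding: plain integer division.
    /// Solidity truncates toward zero, so every gain below 100% collapses to 0.
    function changeTruncating(uint256 valueNow, uint256 valueAtDeposit)
        public
        pure
        returns (int256)
    {
        require(valueAtDeposit > 0, "zero deposit value");
        return (int256(valueNow) - int256(valueAtDeposit)) / int256(valueAtDeposit);
    }

    /// Recommended shape: multiply by 1e18 first, then divide.
    /// The result is an 18-decimal fraction of the deposit value.
    function changeScaled(uint256 valueNow, uint256 valueAtDeposit)
        public
        pure
        returns (int256)
    {
        require(valueAtDeposit > 0, "zero deposit value");
        return ((int256(valueNow) - int256(valueAtDeposit)) * ONE) / int256(valueAtDeposit);
    }

    /// Constructed sample: a deposit valued at 1000e18 that is now valued at 1999e18,
    /// i.e. a gain just under 100%. Compare the two return values.
    function demo() external pure returns (int256 truncated, int256 scaled) {
        truncated = changeTruncating(1999e18, 1000e18);
        scaled = changeScaled(1999e18, 1000e18);
    }
}
```

Any code that consumes the scaled value must compare it against thresholds expressed in the same 18-decimal unit. The extra multiplication is checked in Solidity 0.8, so extremely large value differences revert instead of silently overflowing.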

Updates

Lead Judging Commences

n0kto Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_onAfterRemoveLiquidity_lpTokenDepositValueChange_rounding_error_100%_minimum

Likelihood: High, every call to the function (withdraw)
Impact: Low/Medium, uplift fees will be applied only when the price of one asset is doubled but fixed fees will still be collected.
