QuantAMM

49,600 OP
Submission Details
Severity: low
Invalid

Loss of precision in fee calculations can lead to small but cumulative bias

Summary

Loss of precision in fee calculations can lead to small but cumulative bias

Vulnerability Details

Integer division hookFee / (1e18 / quantAMMFeeTake) is used when calculating adminFee, which can result in rounding down, slightly favoring the protocol.

Impact

Assuming hookFee is 100 and quantAMMFeeTake is 1e17 (10%), the result will be 10 instead of 10.0, and the difference of 0.0 will be accumulated to ownerFee.

Tools Used

vscode

Recommendations

1. Use a high-precision library for fee calculations, such as OpenZeppelin's SafeMath.

2. Use the same order of multiplication and division in all fee calculations to ensure consistency.

3. Consider extracting all fee-related calculations into a separate library for easier auditing and optimization.
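The following is an added example, not part of the submission or of QuantAMM's code. It models the quoted expression hookFee / (1e18 / quantAMMFeeTake) with exact integers (Python's // floors like Solidity's unsigned division) and compares it with a multiply-first ordering. The function names are hypothetical, ownerFee is assumed to be the remainder hookFee - adminFee, and every input other than hookFee = 100 with quantAMMFeeTake = 1e17 is constructed.

```python
WAD = 10**18  # 1e18 fixed-point scale from the quoted expression


def _check(hook_fee: int, fee_take: int) -> None:
    # Assumption: the fee take is a non-zero fraction of at most 100% (1e18).
    if hook_fee < 0 or not 0 < fee_take <= WAD:
        raise ValueError("need hook_fee >= 0 and 0 < fee_take <= 1e18")


def admin_fee_divide_first(hook_fee: int, fee_take: int) -> int:
    """hookFee / (1e18 / quantAMMFeeTake): the inner division floors first."""
    _check(hook_fee, fee_take)
    return hook_fee // (WAD // fee_take)


def admin_fee_multiply_first(hook_fee: int, fee_take: int) -> int:
    """hookFee * quantAMMFeeTake / 1e18: a single floor at the end.
    Python ints never overflow; a uint256 product can for very large inputs."""
    _check(hook_fee, fee_take)
    return hook_fee * fee_take // WAD


def compare(hook_fee: int, fee_take: int) -> dict:
    divide_first = admin_fee_divide_first(hook_fee, fee_take)
    multiply_first = admin_fee_multiply_first(hook_fee, fee_take)
    return {
        "divide_first": divide_first,
        "multiply_first": multiply_first,
        # Never negative: flooring the divisor can only enlarge the quotient.
        "drift": divide_first - multiply_first,
        # Assumed split: whatever is not adminFee goes to ownerFee.
        "owner_fee": hook_fee - divide_first,
    }


CASES = [
    (100, 10**17),         # the submission's inputs: 10% take
    (100, 3 * 10**17),     # constructed: 30% does not divide 1e18 evenly
    (10**18, 3 * 10**17),  # constructed: same take on an 18-decimal amount
]

if __name__ == "__main__":
    for hook_fee, fee_take in CASES:
        print(hook_fee, fee_take, compare(hook_fee, fee_take))
```

When quantAMMFeeTake divides 1e18 evenly, the two orderings agree; otherwise the divide-first form returns the larger adminFee, so the direction and size of any bias depend on the configured take.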

Updates

Lead Judging Commences

n0kto Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
