QuantAMM
QuantAMM
49,600 OP
View results
Previous Next
Submission Details
Severity: low
Invalid

Ensuring Valid Fee Basis Points for Uplift and Minimum Withdrawal Fees

brene

Summary

The UpliftOnlyExample contract defines upliftFeeBps and minWithdrawalFeeBps as critical parameters used in fee calculations. These values, expressed in basis points (1/10000), determine the fees charged during withdrawal and uplift operations. Without proper validation during deployment, inappropriate values could result in excessive, negligible, or illogical fees, potentially causing financial losses or unintended contract behavior.

Vulnerability Details

The constructor of the UpliftOnlyExample contract does not currently validate the values of _upliftFeeBps and _minWithdrawalFeeBps. These parameters are directly passed into the contract without checks

constructor(
IVault vault,
IWETH weth,
IPermit2 permit2,
uint64 _upliftFeeBps,
uint64 _minWithdrawalFeeBps,
address _updateWeightRunnerParam,
string memory version,
string memory name,
string memory symbol
) MinimalRouter(vault, weth, permit2, version) Ownable(msg.sender) {
require(bytes(name).length > 0 && bytes(symbol).length > 0, "NAMEREQ"); //Must provide a name / symbol
lpNFT = new LPNFT(name, symbol, address(this));
upliftFeeBps = _upliftFeeBps;
minWithdrawalFeeBps = _minWithdrawalFeeBps;
_updateWeightRunner = _updateWeightRunnerParam;
}

Impact

If _upliftFeeBps or _minWithdrawalFeeBps exceeds 10000 (100%), fees could surpass the total transaction value, rendering the system unusable. Also setting the fees to extremely low values (e.g., 0 or 1 basis point) could undermine the financial sustainability of the system by failing to collect meaningful fees hence users could face unfair or unintended fee structures. Excessive fees could deter usage, while negligible fees could result in loss of confidence in the system's financial integrity.

Tools Used

Manual Review

Recommendations

Implement validation checks in the constructor to ensure that _upliftFeeBps and _minWithdrawalFeeBps fall within appropriate bounds.

constructor(
IVault vault,
IWETH weth,
IPermit2 permit2,
uint64 _upliftFeeBps,
uint64 _minWithdrawalFeeBps,
address _updateWeightRunnerParam,
string memory version,
string memory name,
string memory symbol
) MinimalRouter(vault, weth, permit2, version) Ownable(msg.sender) {
require(bytes(name).length > 0 && bytes(symbol).length > 0, "NAMEREQ"); //Must provide a name / symbol
+ require(_upliftFeeBps > 0 && _upliftFeeBps <= 10000, "Invalid upliftFeeBps");
+ require(_minWithdrawalFeeBps > 0 && _minWithdrawalFeeBps <= 10000, "Invalid minWithdrawalFeeBps");
lpNFT = new LPNFT(name, symbol, address(this));
upliftFeeBps = _upliftFeeBps;
minWithdrawalFeeBps = _minWithdrawalFeeBps;
_updateWeightRunner = _updateWeightRunnerParam;
}
Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!