QuantAMM

49,600 OP
Submission Details
Severity: high
Valid

Huge precision loss leading to incorrect calculation of adminFee

Summary

In the onAfterSwap function, adminFee is calculated as follows:

File: UpliftOnlyExample.sol (lines 334-335)

    if (quantAMMFeeTake > 0) {
        uint256 adminFee = hookFee / (1e18 / quantAMMFeeTake);

This is incorrect because of the double division: the inner 1e18 / quantAMMFeeTake is truncated to an integer before hookFee is divided by it.

The correct equation is:

    uint256 adminFee = hookFee * quantAMMFeeTake / 1e18;

POC

Add this test to any test file, e.g. UpliftExample.t.sol:

    // Compute the admin fee with the wrong formula and with the right one
    function test_calc_fee() public {
        // assume quantAMMFeeTake is 500000000000000009
        uint256 quantAMMFeeTake = 500000000000000009;
        // assume hookFee is 500000000000000000
        uint256 hookFee = 500000000000000000;
        uint256 wrongAdminFee = hookFee / (1e18 / quantAMMFeeTake);
        uint256 rightAdminFee = hookFee * quantAMMFeeTake / 1e18;
        assertNotEq(wrongAdminFee, rightAdminFee);
    }

You'll notice that the wrong fee was 5e17 while the correct one was 250000000000000004, which is a huge loss and an inaccurate calculation of the fee.

Impact

  • Precision loss leads to a loss of funds for the owner, since ownerFee is what remains after adminFee is taken:

    ownerFee = hookFee - adminFee;
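An added example, not part of the submission or of the QuantAMM code base: it models Solidity's truncating uint256 division with Python's `//` and sweeps quantAMMFeeTake in 10% steps, showing that the reported formula moves adminFee in steps and leaves ownerFee at zero for any take above 50%. The function names and the sweep values are assumptions made for this illustration; hookFee is the value used in the PoC.

```python
# Added illustration: Python's // truncates like Solidity's uint256 division
# for the non-negative values used here.
WAD = 10**18  # 1e18 fixed-point scale that quantAMMFeeTake is expressed in


def admin_fee_buggy(hook_fee: int, fee_take: int) -> int:
    """hookFee / (1e18 / quantAMMFeeTake), the formula in the reported code."""
    return hook_fee // (WAD // fee_take)


def admin_fee_fixed(hook_fee: int, fee_take: int) -> int:
    """hookFee * quantAMMFeeTake / 1e18, the formula in the recommendation."""
    return hook_fee * fee_take // WAD


def sweep(hook_fee: int, percents):
    """Rows of (take %, buggy adminFee, fixed adminFee, buggy ownerFee, fixed ownerFee)."""
    rows = []
    for pct in percents:
        fee_take = WAD * pct // 100  # constructed sample value for quantAMMFeeTake
        buggy = admin_fee_buggy(hook_fee, fee_take)
        fixed = admin_fee_fixed(hook_fee, fee_take)
        # ownerFee = hookFee - adminFee, as in the Impact section
        rows.append((pct, buggy, fixed, hook_fee - buggy, hook_fee - fixed))
    return rows


if __name__ == "__main__":
    hook_fee = 5 * 10**17  # same hookFee as the PoC
    header = ("take %", "buggy adminFee", "fixed adminFee", "buggy ownerFee")
    print(f"{header[0]:>6} {header[1]:>20} {header[2]:>20} {header[3]:>20}")
    for pct, buggy, fixed, owner_buggy, _ in sweep(hook_fee, range(10, 101, 10)):
        print(f"{pct:>6} {buggy:>20} {fixed:>20} {owner_buggy:>20}")
```

The two formulas agree only where quantAMMFeeTake divides 1e18 exactly (10%, 20%, 50%, 100% in this sweep); everywhere else the reported formula takes more for the admin than the configured percentage.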

Tools Used

Manual review

Recommendations

Use the correct equation as follows:

-- uint256 adminFee = hookFee / (1e18 / quantAMMFeeTake);
++ uint256 adminFee = hookFee * quantAMMFeeTake / 1e18;
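
Review bot: on the `++` line, nothing visible here bounds quantAMMFeeTake to at most 1e18, and with multiply-then-divide a value above 1e18 makes adminFee larger than hookFee, so the ownerFee = hookFee - adminFee subtraction shown under Impact would underflow. Confirm that quantAMMFeeTake is capped at 1e18 where it is set, or add a check next to this line. The accompanying test only asserts assertNotEq(wrongAdminFee,rightAdminFee); asserting the expected value 250000000000000004 for the corrected formula would turn it into a regression test for this fix.
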
Updates

Lead Judging Commences

n0kto Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_onAfterSwap_adminFee_overestimated_solidity_rounding_down

Likelihood: High, quantAMMFeeTake is a percentage on calculated fees. Being between 30-70% is very likely. Impact: High, fees for LP providers will be lower than expected and 0 if the admin fee is above 50%.
