Incorrect Profit Calculation for Fee in `UpliftOnlyExample.sol`
Summary
In the UpliftOnlyExample.sol contract, users pay an uplift fee on profits when they remove liquidity. However, the current formula for profit calculation is flawed:
This formula only charges the uplift fee when the user earns 100% profit, instead of charging for any profit made.
Vulnerability Details
The profit is incorrectly normalized by dividing by localData.lpTokenDepositValue.
As a result, when a user earns less than 100% profit, the calculated lpTokenDepositValueChange remains 0, and no uplift fee is applied.
Impact
Loss of fee for the protocol.
Tools Used
Manual Review
Recommendations
Correct the Profit Calculation Formula.
Lead Judging Commences
finding_onAfterRemoveLiquidity_lpTokenDepositValueChange_rounding_error_100%_minimum
Likelihood: High, every call to the function (withdraw) Impact: Low/Medium, uplift fees will be applied only when the price of one asset is doubled but fixed fees will still be collected.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.