Pieces Protocol

First Flight #32

Beginner FriendlyFoundrySolidityNFT

100 EXP

View results

Previous Next

Submission Details

Severity: low

Valid

The current protocol design allows a seller to easily bypass the `sellerFees` implemented for using the protocol

riceee

Summary

in TokenDivider::buyOrder when a buyer wants to buy a sell order, he has to send the amount of Ether equal to the sell order price + protocol fees. The seller's fees are then subtracted from the order price. In the current implementation the fee protocol fees and sellerFee are calculated as follows:

uint256 fee = order.price / 100;

uint256 sellerFee = fee / 2;

Due to integer division truncation, orders priced below 200 wei result in zero seller fees and reduced protocol fees. This creates a loophole where sellers can split large orders into smaller ones (each <200 wei) to avoid paying fees entirely.

Additionally, the protocol fees can be bypassed too if the price of each order is below 100 wei.

Vulnerability Details

Example Scenarios

Case 1: Ten Orders at 150 Wei Each

Per-Order Calculation:

order.price = 150 wei

fee = 150 / 100 = 1 wei (truncated)

sellerFee = 1 / 2 = 0 wei

Total Fees per Order: 1 wei (protocol) + 0 wei (seller) = 1 wei

Total for 10 Orders:

Protocol Fees: 10 * 1 wei = 10 wei

Seller Fees: 0 wei

Case 2: One Combined Order at 1500 Wei

Calculation:

order.price = 1500 wei

fee = 1500 / 100 = 15 wei

sellerFee = 15 / 2 = 7 wei (truncated)

Total Fees: 15 wei (protocol) + 7 wei (seller) = 22 wei

Key Observation:
Splitting a 1500 wei order into ten 150 wei orders reduces total fees from 22 wei to 10 wei, costing the protocol 55% of its revenue.

Impact

Malicious users can bypass fees by splitting orders into amounts below 200 wei.

Tools Used

Manual Review

Recommendations

in TokenDivider::sellERC20 we can add a validation check for price parameter to be more than 199 wei.

Updates

Lead Judging Commences

fishy Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Precision loss

Rewards breakdown

nSLOC

181

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.