Pieces Protocol

First Flight #32
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Valid

Zero Fee for Low-Value Orders Due to Integer Division

Summary

The fee calculation in the buyOrder function incorrectly calculates fees for orders with prices less than 100 wei, resulting in zero fees being charged.

Vulnerability Details

In the buyOrder function, fees are calculated using integer division:

uint256 fee = order.price / 100;
uint256 sellerFee = fee / 2;

Because Solidity integer division truncates toward zero, any order price less than 100 wei yields fee = 0 (price / 100 rounds down to 0), and consequently sellerFee = fee / 2 is also 0. This means:

  1. No platform fee is collected

  2. No seller fee is deducted

  3. The full amount goes to the seller

Impact

  • Loss of revenue for the platform on low-value transactions

  • Potential exploitation by users creating multiple small orders to avoid fees

  • Inconsistent fee application across different order values

Tools Used

  • Manual code review

  • Performing formal verification with Quint

Recommendations

  1. Use basis points (bps) and multiply first before dividing to avoid rounding issues:

uint256 fee = (order.price * FEE_BPS) / 10000; // e.g. FEE_BPS = 100 for 1%
uint256 sellerFee = (order.price * SELLER_FEE_BPS) / 10000;

  2. Add minimum order value checks:

require(order.price >= MINIMUM_ORDER_VALUE, "Order value too low");

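The following is an added model of the fee arithmetic described above; it is not code from the Pieces Protocol contracts or from this submission. It reproduces the buyOrder split (fee = price / 100, sellerFee = fee / 2) and the two recommended forms using Python floor division, which on non-negative integers truncates exactly like EVM uint256 division. FEE_BPS = 100 comes from the recommendation; SELLER_FEE_BPS = 50 (the fee / 2 share) and MINIMUM_ORDER_VALUE = 100 wei are assumed values, since the report names those constants without fixing them. The model goes slightly beyond the text: it also enumerates the prices below which the seller's share rounds to zero, and it shows that with these constants the basis-point form computes the same integers as the original expression, so the minimum-order check is the part of the recommendation that actually guarantees a non-zero fee.

```python
# Added example: models the buyOrder fee arithmetic from the finding.
# EVM uint256 division truncates toward zero; for non-negative ints Python's
# // does the same, so these functions give exactly the contract's results.

FEE_BPS = 100               # 1% platform fee in basis points (from the recommendation)
SELLER_FEE_BPS = 50         # assumed: the fee / 2 share (0.5%) expressed in bps
MINIMUM_ORDER_VALUE = 100   # assumed value in wei; the report names the constant only
BPS_DENOMINATOR = 10_000


def current_fees(price: int) -> tuple[int, int]:
    """Fee split as written in buyOrder: fee = price / 100, sellerFee = fee / 2."""
    assert price >= 0, "uint256 prices are never negative"
    fee = price // 100
    seller_fee = fee // 2
    return fee, seller_fee


def bps_fees(price: int) -> tuple[int, int]:
    """Multiply-first basis-point form from recommendation 1."""
    assert price >= 0
    fee = (price * FEE_BPS) // BPS_DENOMINATOR
    seller_fee = (price * SELLER_FEE_BPS) // BPS_DENOMINATOR
    return fee, seller_fee


def buy_order_with_minimum(price: int) -> tuple[int, int]:
    """Recommendation 2: reject the order before any fee is computed.

    Mirrors require(order.price >= MINIMUM_ORDER_VALUE, "Order value too low").
    """
    if price < MINIMUM_ORDER_VALUE:
        raise ValueError("Order value too low")
    return bps_fees(price)


def zero_platform_fee_prices(fee_fn, limit: int) -> list[int]:
    """Prices in [1, limit) for which fee_fn charges no platform fee at all."""
    return [p for p in range(1, limit) if fee_fn(p)[0] == 0]


def zero_seller_fee_prices(fee_fn, limit: int) -> list[int]:
    """Prices in [1, limit) for which the seller's share rounds down to zero."""
    return [p for p in range(1, limit) if fee_fn(p)[1] == 0]


def bps_matches_current(limit: int) -> bool:
    """True if both forms return identical (fee, sellerFee) for every price < limit."""
    return all(bps_fees(p) == current_fees(p) for p in range(limit))


if __name__ == "__main__":
    print("prices with zero platform fee:", zero_platform_fee_prices(current_fees, 300))
    print("prices with zero seller fee:  ", zero_seller_fee_prices(current_fees, 300))
    print("bps form identical to current:", bps_matches_current(10_000))
    for p in (99, 100, 150, 199, 200):
        print(f"price={p:4d} wei -> (fee, sellerFee) = {current_fees(p)}")
    try:
        buy_order_with_minimum(99)
    except ValueError as exc:
        print("99 wei order rejected:", exc)
```

Running it shows the report's claim directly (every price from 1 to 99 wei pays no platform fee) and the adjacent edge: for prices from 100 to 199 wei the platform fee is 1 wei but sellerFee is still 0. The minimum-order require is the check that closes the zero-fee range; a fee expressed in basis points only changes the result once the fee percentage itself changes.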
Updates

Lead Judging Commences

fishy Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Precision loss
