Pieces Protocol

First Flight #32
Beginner Friendly, Foundry, Solidity, NFT
100 EXP
Submission Details
Severity: low
Valid

Fee Rounding to Zero in buyOrder Function

Description

The buyOrder function calculates fees using integer division (fee = order.price / 100), which can result in fees being rounded down to zero for small order amounts. This creates an economic vulnerability where small orders can bypass the fee mechanism entirely.

Impact

  • Loss of Protocol Revenue: Orders with prices less than 100 wei will generate no fees

  • Economic Imbalance: Incentivizes splitting large orders into multiple small orders to avoid fees

  • Protocol Sustainability: Reduced fee collection affects protocol maintenance and development

Proof of Concept

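function testFeeRoundingToZero() public {
    // Precondition (set up elsewhere in the test contract): SELLER has listed
    // order 0 at SMALL_PRICE (50 wei), and the owner's balance starts at 0.

    // Buy order with small price (50 wei)
    vm.deal(BUYER, SMALL_PRICE + 1);
    vm.prank(BUYER);
    tokenDivider.buyOrder{value: SMALL_PRICE + 1}(0, SELLER);

    // Fee is rounded to 0 (50/100 = 0 in integer division)
    uint256 finalOwnerBalance = address(tokenDivider.owner()).balance;
    uint256 expectedFee = SMALL_PRICE / 100; // = 0
    assertEq(expectedFee, 0, "Fee calculation should truncate to 0");
    assertEq(finalOwnerBalance, expectedFee, "Fee should be 0 due to integer division rounding");
}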

Tools Used

  • Manual code review

  • Foundry for testing

  • Mathematical analysis

Recommendations

  1. Implement a minimum fee amount for all orders

  2. Use basis points (10000) instead of percentage (100) for more precise fee calculations

  3. Consider using fixed-point arithmetic for fee calculations
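
Recommendations 1 and 2 combined, as an added Solidity example that is not the TokenDivider code or part of the submission: a basis-point fee that rounds up and enforces a floor, next to the truncating calculation from the finding, with a helper that compares total fees when one amount is split into equal small orders. `FeeMath`, `FeeMathDemo`, `FEE_BPS`, `MIN_FEE` and the function names are assumptions made for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration; all names and constants here are assumptions.
library FeeMath {
    uint256 internal constant BPS_DENOMINATOR = 10_000;
    uint256 internal constant FEE_BPS = 100; // 100 bps, the same 1% rate as price / 100
    uint256 internal constant MIN_FEE = 1;   // assumed floor, in wei

    /// The calculation described in the finding: truncating division.
    function feeTruncated(uint256 price) internal pure returns (uint256) {
        return price / 100;
    }

    /// Basis-point fee rounded up, then clamped to MIN_FEE.
    /// The multiplication is checked in 0.8.x, so an oversized price reverts
    /// instead of wrapping.
    function feeRoundedUp(uint256 price) internal pure returns (uint256 fee) {
        if (price == 0) return 0;
        // ceil(price * FEE_BPS / BPS_DENOMINATOR)
        fee = (price * FEE_BPS + BPS_DENOMINATOR - 1) / BPS_DENOMINATOR;
        if (fee < MIN_FEE) fee = MIN_FEE;
    }
}

contract FeeMathDemo {
    /// Total fee collected when `total` is split into `parts` equal orders
    /// (any remainder of the split is ignored), under both calculations.
    function splitFees(uint256 total, uint256 parts)
        external
        pure
        returns (uint256 truncated, uint256 roundedUp)
    {
        require(parts != 0, "parts must be non-zero");
        uint256 each = total / parts;
        truncated = parts * FeeMath.feeTruncated(each);
        roundedUp = parts * FeeMath.feeRoundedUp(each);
    }
}
```

With rounding up, splitting an order never lowers the total fee, so the incentive described under Impact disappears; the buyer-side payment check in `buyOrder` would need to use the same rounded value.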

Updates

Lead Judging Commences

fishy Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Precision loss
