Part 2

Zaros
Perpetuals DEX Foundry Solidity
70,000 USDC
Submission Details
Severity: low
Invalid

Refund Does Not Reimburse Gas Costs in StabilityBranch::refundSwap

Summary

When a swap request expires, the refundSwap function refunds the USD amount net of the base fee. Thus, users incur the cost of gas for both initiating and refunding the swap, in addition to losing the base fee even though no swap service was rendered.

Vulnerability Details

A simplified outline of the refund process:

function refundSwap(request) {
    let baseFee = tokenSwapData.baseFeeUsd;
    // Base fee is deducted from the refunded amount.
    let refundAmount = request.amountIn - baseFee;
    // The base fee is distributed to protocol fee recipients.
    distributeProtocolFee(baseFee);
    transfer(usdToken, user, refundAmount);
}

Impact

  • Double Gas Expense: Users pay gas twice—once to initiate the swap and again to obtain a refund.

  • Loss of Funds: The base fee is forfeited despite no service being provided, reducing overall user funds and satisfaction.

Tools Used

  • Manual code review

  • Transaction cost analysis

  • Simulation tests

Recommendations

  • Refund Design Revision: Consider refunding the base fee if a swap is not fulfilled.

  • User Incentives: Explore compensatory mechanisms to cover gas costs incurred on refunds.

  • Clear Communication: Ensure UI and documentation clearly explain the fee structure to users.

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
