The _transferToken function calculates governance fees as a percentage of the difference between amount and depositInfo[depositId].amount. However, when this difference is small, the computed fee rounds to zero, meaning no governance fee is deducted and the user receives the entire amount despite making a profit.
The governance fee is computed as:

Given that governanceFee = 500 (5%) and BASIS_POINTS_DIVISOR = 10_000, the fee calculation rounds down to zero for small differences between amount and depositInfo[depositId].amount. When fee == 0, no funds are transferred to the treasury.
The contract fails to collect governance fees in cases where profits are small, resulting in a loss of revenue for the protocol.
Tools Used: Manual Review
Recommendation: Implement a minimum fee threshold so that any positive profit incurs at least a small fee.
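The following Python model is an added example and not the audited contract's code. It reproduces the fee arithmetic described in this finding with integer division (which truncates like Solidity's unsigned division), computes the largest profit that escapes the fee, and shows the recommended minimum-fee variant beside the original. Function names such as compute_fee, compute_fee_with_minimum, zero_fee_threshold and split_transfer are assumptions for illustration; the constants governanceFee = 500 and BASIS_POINTS_DIVISOR = 10_000 are the values stated in the finding.

```python
# Added example (not the audited contract's code): models the governance fee
# arithmetic from the finding with Python integers, whose floor division
# matches the truncation of Solidity's unsigned integer division.
# Function names below are assumptions chosen for illustration.

GOVERNANCE_FEE = 500            # governanceFee: 5% expressed in basis points
BASIS_POINTS_DIVISOR = 10_000   # BASIS_POINTS_DIVISOR from the finding


def compute_fee(amount: int, deposited: int,
                fee_bps: int = GOVERNANCE_FEE,
                divisor: int = BASIS_POINTS_DIVISOR) -> int:
    """Fee as the contract computes it: floor(profit * fee_bps / divisor)."""
    if amount <= deposited:
        return 0                          # no profit, so no fee is due
    profit = amount - deposited
    return profit * fee_bps // divisor    # truncates toward zero, as in the EVM


def compute_fee_with_minimum(amount: int, deposited: int,
                             fee_bps: int = GOVERNANCE_FEE,
                             divisor: int = BASIS_POINTS_DIVISOR,
                             min_fee: int = 1) -> int:
    """Recommended variant: any positive profit pays at least min_fee.

    The fee is capped at the profit itself so the threshold can never take
    more than the user actually gained.
    """
    if amount <= deposited:
        return 0
    profit = amount - deposited
    fee = profit * fee_bps // divisor
    if fee < min_fee:
        fee = min(min_fee, profit)
    return fee


def zero_fee_threshold(fee_bps: int = GOVERNANCE_FEE,
                       divisor: int = BASIS_POINTS_DIVISOR) -> int:
    """Smallest profit that yields a nonzero fee under floor division.

    profit * fee_bps // divisor >= 1  holds exactly when
    profit >= ceil(divisor / fee_bps); every smaller profit is fee-free.
    """
    return -(-divisor // fee_bps)         # ceiling division on integers


def fee_free_profits(fee_bps: int = GOVERNANCE_FEE,
                     divisor: int = BASIS_POINTS_DIVISOR) -> list:
    """Every positive profit (in token base units) whose fee rounds to zero."""
    return [p for p in range(1, zero_fee_threshold(fee_bps, divisor))
            if p * fee_bps // divisor == 0]


def split_transfer(amount: int, deposited: int, fee_fn=compute_fee) -> tuple:
    """Return (to_user, to_treasury) for a withdrawal using fee_fn."""
    fee = fee_fn(amount, deposited)
    return amount - fee, fee


if __name__ == "__main__":
    deposited = 1_000                     # constructed deposit size
    print("fee-free profit range: 1 ..", zero_fee_threshold() - 1)
    for amount in (1_000, 1_019, 1_020, 1_500):
        print(amount, "original:", split_transfer(amount, deposited),
              "with minimum:", split_transfer(amount, deposited,
                                              compute_fee_with_minimum))
```

With the stated constants the fee-free window is every profit from 1 to 19 base units (ceil(10_000 / 500) = 20 is the first profit that produces a fee of 1). The minimum-fee variant closes that window; rounding the fee up with ceiling division instead of down would achieve the same effect without a separate threshold parameter.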
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.