Fees are never collected from the Lending Pool
Overview
the lending pool contract contains functions to set the protocol fees which can be called by the owner.
This function enables the owner to define the fee percentage that should be charged on lending transactions.
However, there are no implementations in the contract where users are actually charged fees.
For example, in functions like repay, which handles debt repayment, no fee deductions take place:
When the protocol is deployed the initial protocol fees is set to 0. This means that even if fee logic was present, no fees would be collected until the owner sets a non-zero fee rate.
However, even after setting a fee rate, the contract lacks the logic to actually charge it.
given that the protocol intends to charge fees the contract should have implementations that enable fee calculations that should be charged later when the fee rates are set
Impact
Loss to the protocol
Recommendation
Implement fee deducting in areas where protocol needs fees to be charged.
Lead Judging Commences
Protocol fees are deducted from depositor returns in liquidity rate calculations but never collected/transferred to protocol treasury, causing value loss
Protocol fees are deducted from depositor returns in liquidity rate calculations but never collected/transferred to protocol treasury, causing value loss
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.