Submission Details
Impact:
Likelihood:
Lack of granularity in the Snow fee
Root + Impact
Description
-
The deployer of the system wants to configure a Fee for buying Snow token in WETH/ETH
-
The minimal unit allowed by the Snow contract is 1 ETH/WETH and it does not allow subfractions of that, meaning the fee has to be an integer number of ETH/WETH
constructor(address _weth, uint256 _buyFee, address _collector) ERC20("Snow", "S") Ownable(msg.sender) {
...
// @audit LOW Because of the multiplication, the buy fee is set to 18 decimals precision always, so only integer values of WETH/ETH
s_buyFee = _buyFee * PRECISION;
Risk
Likelihood:
It will always happen
Impact:
Medium because it could impact the pricing of the Snow token and it cannot be adjusted to values in between
Proof of Concept
The proof is in the code itself as the buyFeeis multiplied by the PRECISION
s_buyFee = _buyFee * PRECISION;
Recommended Mitigation
Instead of having PRECISION in the code, the buyFeeshould carry the value in wei
constructor(address _weth, uint256 _buyFee, address _collector) ERC20("Snow", "S") Ownable(msg.sender) {
...
// @audit LOW Because of the multiplication, the buy fee is set to 18 decimals precision always, so only integer values of WETH/ETH
s_buyFee = _buyFee;
Rewards breakdown
nSLOC
215This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.