Normal behavior: The protocol charges a fee on each order, calculated as a percentage (FEE) of the order price, using a precision constant (PRECISION).
Example: protocolFee = (order.priceInUSDC * FEE) / PRECISION;
Issue: With FEE = 3 and PRECISION = 100, the calculation uses integer division. For small order values, this results in the protocol fee being rounded down to zero, allowing users to avoid paying any fee by splitting large orders into many small ones.
Likelihood:
This will occur whenever users create small orders (e.g., less than 34 USDC).
Users can intentionally split large trades into many small orders to avoid protocol fees.
Impact:
Protocol loses fee revenue on small orders.
Potential for fee avoidance by malicious users.
A user wants to avoid paying protocol fees by splitting a large trade into many small orders.
The protocol should increase precision so that it can collect fees on low-value orders.
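The rounding behaviour described above, modelled with Python integer arithmetic as an added example (not code from the audited contract). FEE and PRECISION come from the finding; the 1,000,000-unit trade, the helper names, and the round-up variant are assumptions made for illustration, with prices taken as integers in whatever unit order.priceInUSDC uses.

```python
FEE = 3          # from the finding
PRECISION = 100  # from the finding


def fee_floor(price, fee=FEE, precision=PRECISION):
    """Fee as the finding's formula computes it: integer (floor) division."""
    return (price * fee) // precision


def fee_ceil(price, fee=FEE, precision=PRECISION):
    """Assumed hardening: round up, so any non-zero price pays at least 1 unit."""
    return (price * fee + precision - 1) // precision


def zero_fee_threshold(fee=FEE, precision=PRECISION):
    """Smallest price whose floor fee is non-zero, i.e. ceil(precision / fee)."""
    return -(-precision // fee)


def total_fee(total, chunk, fee_fn):
    """Total fee collected when `total` is submitted as orders of at most `chunk`."""
    full, rest = divmod(total, chunk)
    return full * fee_fn(chunk) + (fee_fn(rest) if rest else 0)


if __name__ == "__main__":
    trade = 1_000_000                      # constructed sample trade size
    small = zero_fee_threshold() - 1       # largest order that pays no fee (33)

    print("zero-fee threshold:", zero_fee_threshold())
    print("one order, floor  :", total_fee(trade, trade, fee_floor))
    print("split,     floor  :", total_fee(trade, small, fee_floor))
    print("split,     ceil   :", total_fee(trade, small, fee_ceil))

    # Scaling FEE and PRECISION by the same factor does not change the floor:
    # the fee on a 33-unit order is still 0 with FEE=300, PRECISION=10_000.
    print("33 units, 300/10000:", fee_floor(small, 300, 10_000))
```

With rounding up, the split trade pays slightly more than the single order, so splitting no longer reduces the fee. Raising both constants by the same factor leaves the rounding unchanged, so a precision increase only helps if the price itself is carried in a finer unit.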
Protocol Suffers Potential Revenue Leakage due to Precision Loss in Fee Calculation