BriVault

First Flight #52
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: medium
Likelihood: low
Invalid

`deposit` Function Fails to Ensure Protocol Fee Collection

Description

  • When a user calls `deposit`, the protocol is expected to charge a participation fee expressed in basis points of the deposited amount.

  • `_getParticipationFee` computes that fee as `(assets * participationFeeBsp) / BASE`. Solidity's integer division truncates, so the fee is exactly zero whenever `assets * participationFeeBsp < BASE`. Because `deposit` only checks `minimumAmount + fee > assets`, a deposit of `minimumAmount` (or slightly more) then passes the check with `fee == 0` and the user is credited in full without paying any fee.

function deposit(uint256 assets, address receiver) public override returns (uint256) {
    // Original code ...
    uint256 fee = _getParticipationFee(assets);
    // Fee is charged in basis points of the deposit; it may already be zero here
@>  if (minimumAmount + fee > assets) {
        revert lowFeeAndAmount();
    }
    // Original code ...
}

function _getParticipationFee(uint256 assets) internal view returns (uint256) {
    // Integer division: returns 0 whenever assets * participationFeeBsp < BASE
@>  return (assets * participationFeeBsp) / BASE;
}
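To make the truncation boundary concrete, here is an added Python model of the contract's integer arithmetic. This is not BriVault's code: `BASE = 10_000` is assumed (the page does not show the constant), the gate mirrors the `minimumAmount + fee > assets` check above, and the mapping of the PoC's constructor arguments to `minimumAmount = 100` and `participationFeeBsp = 99` is inferred from the test. It computes the floor fee the contract charges, a round-up alternative, and the largest deposit that still pays zero fee at a given rate:

```python
# Added example, not BriVault's own code: a Python model of the uint256 fee math in
# _getParticipationFee and of the `minimumAmount + fee > assets` gate in deposit.
# BASE is assumed to be 10_000 (fee expressed in basis points); the page does not
# show the contract's actual constant, so adjust it if the vault uses another scale.

BASE = 10_000


def fee_floor(assets: int, fee_bps: int, base: int = BASE) -> int:
    """Mirror of `(assets * participationFeeBsp) / BASE`; Solidity `/` truncates."""
    return (assets * fee_bps) // base


def fee_ceil(assets: int, fee_bps: int, base: int = BASE) -> int:
    """Hardened variant that rounds up, so every non-zero deposit pays >= 1 unit."""
    return (assets * fee_bps + base - 1) // base


def max_zero_fee_deposit(fee_bps: int, base: int = BASE) -> int:
    """Largest deposit whose floor fee is zero, i.e. the largest assets with
    assets * fee_bps < base."""
    return (base - 1) // fee_bps


def deposit_gate(assets: int, minimum_amount: int, fee_bps: int, fee_fn=fee_floor):
    """Return (accepted, fee) for one deposit under the vault's gate.

    The contract reverts with lowFeeAndAmount() when minimumAmount + fee > assets,
    so the caller must cover the minimum *plus* the fee.
    """
    fee = fee_fn(assets, fee_bps)
    return (minimum_amount + fee <= assets, fee)


def zero_fee_deposits(minimum_amount: int, fee_bps: int, base: int = BASE) -> list[int]:
    """All deposit sizes that pass the gate while paying a zero fee. Empty when the
    parameters are large enough that the fee never truncates to zero."""
    upper = max_zero_fee_deposit(fee_bps, base)
    return [
        assets
        for assets in range(minimum_amount, upper + 1)
        if deposit_gate(assets, minimum_amount, fee_bps, fee_floor)[0]
    ]


if __name__ == "__main__":
    # Parameters as inferred from the proof of concept: minimumAmount = 100 wei,
    # participationFeeBsp = 99 (0.99%).
    print("floor fee on 100 wei at 99 bps:", fee_floor(100, 99))
    print("ceil  fee on 100 wei at 99 bps:", fee_ceil(100, 99))
    print("largest zero-fee deposit at 99 bps:", max_zero_fee_deposit(99))
    print("zero-fee deposits that pass the gate:", zero_fee_deposits(100, 99))
    # With a realistic minimum (1 token at 18 decimals) the zero-fee window closes.
    print("with minimumAmount = 1e18:", zero_fee_deposits(10**18, 99))
```

At 99 bps every deposit of up to 101 wei is charged nothing, so both 100 and 101 wei pass the gate fee-free, whereas a minimum of one 18-decimal token leaves no zero-fee window at all; that is the parameter dependence the Likelihood section describes. Note that with the round-up variant a deposit of exactly `minimumAmount` is rejected, because the gate requires the caller to cover the minimum plus a now non-zero fee, which is the intended behaviour of the check.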

Risk

Likelihood

  • Occurs only when `minimumAmount` and `participationFeeBsp` are small enough that `minimumAmount * participationFeeBsp < BASE`, i.e. when the fee on a minimum-sized deposit truncates to zero.

Impact

  • Under such parameters a user can repeatedly deposit dust amounts at or just above `minimumAmount` and pay no fee at all, while users depositing larger amounts pay the intended percentage, so the protocol loses fee revenue and the fee-paying users are disadvantaged.

Proof of Concept

  • Add the following function to test/BriVaultTest.t.sol and run forge test --mt test__deposit_withZeroFee -vv:

function test__deposit_withZeroFee() public {
    // Admin deploys the vault with parameters small enough for the fee to truncate to zero.
    vm.prank(owner);
    BriVault briVaultNew = new BriVault(
        IERC20(address(mockToken)),
        100,
        block.timestamp + 2 days,
        participationFeeAddress,
        99,
        block.timestamp + 30 days
    );

    // User1 deposits exactly the minimum required amount; the computed fee is 0.
    vm.startPrank(user1);
    uint256 amount = briVaultNew.minimumAmount();
    mockToken.approve(address(briVaultNew), amount);
    briVaultNew.deposit(amount, user1);
    vm.stopPrank();

    // User1's full deposit was staked: nothing was deducted as a fee.
    vm.assertTrue(briVaultNew.stakedAsset(user1) == amount);
}
  • Console output:

Ran 1 test for test/briVault.t.sol:BriVaultTest
[PASS] test__deposit_withZeroFee() (gas: 3647828)
Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 2.26ms (334.90µs CPU time)

Recommended Mitigation

  • A straightforward fix is to enforce a minimum fee so that the collected fee can never round down to zero:

+ uint256 constant MIN_FEE = 10000;
function _getParticipationFee(uint256 assets) internal view returns (uint256) {
+ uint256 feeAmount = (assets * participationFeeBsp) / BASE;
+ if (feeAmount < MIN_FEE) {
+ feeAmount = MIN_FEE;
+ }
+ return feeAmount;
- return (assets * participationFeeBsp) / BASE;
}
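Review bot: `MIN_FEE = 10000` is an absolute amount in the token's smallest unit, so the floor it imposes depends on the asset's decimals, and because `deposit` still reverts with `lowFeeAndAmount()` when `minimumAmount + fee > assets`, this change makes every deposit below `minimumAmount + 10000` fail rather than be charged. A decimal-independent fix is to round the fee up, `return (assets * participationFeeBsp + BASE - 1) / BASE;`, which yields a non-zero fee for every non-zero deposit, or to revert when the computed fee is zero. Also, the removed `- return (assets * participationFeeBsp) / BASE;` line is placed after the new `+ return feeAmount;`, so the hunk reads out of order; put the removed line first.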
Updates

Appeal created

bube Lead Judge 21 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
