BriVault

First Flight #52
Beginner Friendly | Solidity
100 EXP
Submission Details
Impact: medium
Likelihood: high
Invalid

Fee bypass via truncation

Root + Impact

Description

  • When users deposit funds, the function '_getParticipationFee' is called to compute the fee the depositor is supposed to pay.

  • The protocol calculates the participation fee with integer division, which truncates (rounds down) the result. For any deposit small enough that assets * participationFeeBsp stays below the divisor (BASE = 10,000) the computed fee is zero. A user can exploit this by splitting a large deposit into many deposits below that threshold, paying zero total fee and causing a significant loss of revenue for the protocol.

function _getParticipationFee(uint256 assets) internal view returns (uint256) {
    return (assets * participationFeeBsp) / BASE;
}
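The following Python model is added here as an illustration and is not part of this submission or of the BriVault code base. It mirrors the arithmetic of '_getParticipationFee' (Python's floor division on non-negative integers behaves exactly like Solidity's uint256 division) with BASE = 10,000 taken from the page; the fee rate participationFeeBsp is an assumption (100 basis points, i.e. 1%, in the sample run) because the page does not state the configured value. It computes the largest deposit that pays zero fee, the revenue collected when a deposit is split into sub-threshold chunks, and the same figures under the round-up formula proposed in the mitigation section, so it serves both the description above and that mitigation.

```python
# Added model of the truncating fee and its ceiling variant (not the BriVault contract).
BASE = 10_000  # basis-point denominator, as on the page


def fee_truncating(assets: int, participation_fee_bsp: int) -> int:
    """Mirror of _getParticipationFee: (assets * bps) / BASE with floor division."""
    return (assets * participation_fee_bsp) // BASE


def fee_ceiling(assets: int, participation_fee_bsp: int) -> int:
    """Proposed round-up variant: ((assets * bps) + BASE - 1) / BASE.

    Any deposit with assets * bps > 0 now pays at least 1 unit of fee.
    """
    return (assets * participation_fee_bsp + BASE - 1) // BASE


def zero_fee_threshold(participation_fee_bsp: int) -> int:
    """Largest deposit that still pays zero fee under the truncating formula,
    i.e. the largest `assets` with assets * bps < BASE."""
    if participation_fee_bsp <= 0:
        raise ValueError("fee rate must be positive; a zero rate charges nothing anyway")
    return (BASE - 1) // participation_fee_bsp


def total_fee_split(total: int, chunk: int, participation_fee_bsp: int, fee_fn) -> int:
    """Revenue collected when `total` is deposited as `chunk`-sized deposits
    (plus one final deposit for the remainder), using fee function `fee_fn`."""
    if chunk <= 0 or total < 0:
        raise ValueError("chunk must be positive and total non-negative")
    full_chunks, remainder = divmod(total, chunk)
    paid = full_chunks * fee_fn(chunk, participation_fee_bsp)
    if remainder:
        paid += fee_fn(remainder, participation_fee_bsp)
    return paid


def revenue_report(total: int, participation_fee_bsp: int) -> dict:
    """Compare fee revenue for one lump-sum deposit against the same amount
    split into sub-threshold chunks, under both formulas."""
    chunk = zero_fee_threshold(participation_fee_bsp)
    return {
        "zero_fee_threshold": chunk,
        "lump_sum_truncating": fee_truncating(total, participation_fee_bsp),
        "split_truncating": total_fee_split(total, chunk, participation_fee_bsp, fee_truncating),
        "lump_sum_ceiling": fee_ceiling(total, participation_fee_bsp),
        "split_ceiling": total_fee_split(total, chunk, participation_fee_bsp, fee_ceiling),
    }


if __name__ == "__main__":
    # Assumed rate: 100 bps = 1%. Constructed deposit size of 1,000,000 units.
    for key, value in revenue_report(1_000_000, 100).items():
        print(f"{key}: {value}")
```

With a 1% rate the threshold is 99 units: every deposit of 99 or fewer units pays nothing, so 1,000,000 units deposited in 99-unit pieces yields zero revenue against 10,000 units for a single deposit. Under the ceiling formula each 99-unit deposit pays 1 unit, so splitting collects slightly more than the lump sum rather than nothing, which is the trade-off the mitigation accepts.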

Risk

Likelihood:

  • Whenever a user makes a deposit small enough that assets * participationFeeBsp is below 10,000 (BASE).

Impact:

  • Fee bypass by any user who notices this vulnerability

  • Loss of revenue for the protocol

Proof of Concept

Recommended Mitigation

- return (assets * participationFeeBsp) / BASE;
+ return ((assets * participationFeeBsp) + BASE - 1) / BASE;
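Review bot: the `+` line rounds up, so every deposit with a non-zero product assets * participationFeeBsp now pays at least 1 unit of fee, which closes the zero-fee path described in the Description; it also raises the fee on any deposit whose product is not an exact multiple of BASE by up to 1 unit, and the explanation that follows should state that behaviour change rather than describing the formula only as "safe". The added term BASE - 1 is a constant, so with Solidity 0.8 checked arithmetic the only new revert condition is an overflow of assets * participationFeeBsp + BASE - 1, which is no more likely than an overflow of the product the original line already computes.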
The developer should replace the plain division with the standard ceiling-division (round-up) formula shown above, so that no deposit with a non-zero fee product can round down to a fee of zero.
Updates

Appeal created

bube Lead Judge 19 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
