RebateFi Hook
First Flight #53
Beginner FriendlyDeFi
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

Incorrect fee denominator causes 10x inflated fee amount in ReFiSold event

nutledger

Root + Impact

Description

  • The _beforeSwap function calculates the fee amount to emit in the ReFiSold event, providing users and off-chain systems with information about the fee charged during a sell transaction.

  • The calculation uses an incorrect denominator of 100000, while Uniswap V4's LP fee system uses 1_000_000 as the denominator (where 1_000_000 = 100%). This causes the emitted feeAmount to be 10 times larger than the actual fee taken by the protocol.

function _beforeSwap(
address sender,
PoolKey calldata key,
SwapParams calldata params,
bytes calldata
) internal override returns (bytes4, BeforeSwapDelta, uint24) {
bool isReFiBuy = _isReFiBuy(key, params.zeroForOne);
uint256 swapAmount = params.amountSpecified < 0
? uint256(-params.amountSpecified)
: uint256(params.amountSpecified);
uint24 fee;
if (isReFiBuy) {
fee = buyFee;
emit ReFiBought(sender, swapAmount);
} else {
fee = sellFee;
// @> Incorrect denominator: 100000 instead of 1_000_000
// @> With sellFee = 3000: shows 3% instead of actual 0.3%
uint256 feeAmount = (swapAmount * sellFee) / 100000;
emit ReFiSold(sender, swapAmount, feeAmount);
}
return (
BaseHook.beforeSwap.selector,
BeforeSwapDeltaLibrary.ZERO_DELTA,
fee | LPFeeLibrary.OVERRIDE_FEE_FLAG // @> This fee uses correct 1_000_000 denominator
);
}

Risk

Likelihood:

  • Every sell transaction emits the ReFiSold event with inflated fee data

  • The default sellFee = 3000 will display as 3% fee instead of the actual 0.3%

Impact:

  • Users checking transaction events will see 10x higher fees than actually charged, causing confusion and loss of trust

  • Analytics dashboards, trading bots, and portfolio trackers parsing these events will show incorrect fee metrics

  • Financial reporting and tax calculations based on event data will be materially inaccurate

  • Discrepancy between advertised/documented fees and event data may raise compliance concerns

Proof of Concept

Add the following test to RebateFiHookTest.t.sol. The test demonstrates that the fee amount calculation in the event uses an incorrect denominator, resulting in a 10x inflation compared to the actual Uniswap V4 fee mechanics:

function test_FeeCalculationMismatch() public {
uint256 swapAmount = 1 ether;
uint24 sellFee = 3000; // Default value
// Incorrect calculation in contract (denominator 100000)
uint256 incorrectFeeAmount = (swapAmount * sellFee) / 100000;
// Result: 0.03 ether (3%)
// Correct calculation per Uniswap V4 (denominator 1_000_000)
uint256 correctFeeAmount = (swapAmount * sellFee) / 1_000_000;
// Result: 0.003 ether (0.3%)
assertEq(incorrectFeeAmount, 0.03 ether); // What event shows
assertEq(correctFeeAmount, 0.003 ether); // What Uniswap actually charges
// Event shows 10x more than reality
assertEq(incorrectFeeAmount / correctFeeAmount, 10);
}

Recommended Mitigation

Update the fee calculation denominator to match Uniswap V4's LP fee system, where fees are expressed in hundredths of a bip (1_000_000 = 100%):

} else {
fee = sellFee;
- uint256 feeAmount = (swapAmount * sellFee) / 100000;
+ uint256 feeAmount = (swapAmount * sellFee) / 1_000_000;
emit ReFiSold(sender, swapAmount, feeAmount);
}
Updates

Lead Judging Commences

chaossr Lead Judge 12 days ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect denominator (100000 instead of likely 1000000 or 10000) in fee calculation for ReFiSold event.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!