RebateFi Hook

First Flight #53

Beginner FriendlyDeFi

100 EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: high

Invalid

Swap `seelFee` Incorrectly Applied To Each Transaction Causing Over/Under Charging of Fees

cyfe45

Description

For a sell transaction the ReFiSwapRebateHook contract only applies a static 3_000 fee to each transaction irrespective of transaction size rather than the documented 0.3% sell fee.

Impacted Code:

function _beforeSwap(

address sender,

PoolKey calldata key,

IPoolManager.SwapParams calldata params,

bytes calldata

) internal override returns (bytes4, BeforeSwapDelta, uint24) {

bool isReFiBuy = _isReFiBuy(key, params.zeroForOne);

uint256 swapAmount = params.amountSpecified < 0

? uint256(-params.amountSpecified)

: uint256(params.amountSpecified);

uint24 fee;

if (isReFiBuy) {

fee = buyFee;

emit ReFiBought(sender, swapAmount);

} else {

@> fee = sellFee;

uint256 feeAmount = (swapAmount * sellFee) / 100000;

emit ReFiSold(sender, swapAmount, feeAmount);

}

return (

BaseHook.beforeSwap.selector,

BeforeSwapDeltaLibrary.ZERO_DELTA,

fee | LPFeeLibrary.OVERRIDE_FEE_FLAG

}

The fee calculation should be based on a dynamic calculation not a flat 3_000 fee irrespective of transaction size.

Risk

Likelihood:

Likelihood is High - All sell transactions will have the incorrect over/under-charged fees applied.
Rather than charging the documented 0.3%, the protocol is charging 3_000 per sell transaction.

Impact:

Impact is High - The protocol documents a standard 0.3% fee, but instead charges 3_000 per transaction.
Should a transaction be less than 3_000, the customer is likely to get nothing in return as the fee amount takes everything.
Similarly for large transactions the protocol would undercharge fees.

Proof of Concept

The following is currently occurring:

Example 1:

A customer wants to swap 10_000.
They expect a fee of 30 (10_000 * 0.3%), but is instead charged 3_000
They are now out of pocket by a substantial amount.

Example 2:

A customer wants to swap 1_000.
They expect a fee of 3 (1_000 * 0.3%), but is instead charged a fee of 3_000, which is more than the transaction value.
They get nothing back as the fee has taken all.

Example 3:

A customer wants to swap 10_000_000.
They expect a fee of 30_000 (10_000_000 * 0.3%), but is instead charged a lower fee of 3_000.
The customer is able to receive more than they should.

Recommended Mitigation

To ensure the protocol applies the correct fee the below code change should be applied.

- fee = sellFee;

+ fee = (swapAmount * sellFee) / 1_000_000;

Updates

Lead Judging Commences

chaossr Lead Judge

15 days ago

chaossr Lead Judge 12 days ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

150

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!