NFT Dealers
First Flight #58
Beginner FriendlyFoundry
100 EXP
View all submissions
Previous Next
Submission Details
Impact: high
Likelihood: high

Incorrect constant `LOW_FEE_THRESHOLD` and `MID_FEE_THRESHOLD` assignments

Author Revealed upon completion

Root + Impact

Description

  • The LOW_FEE_THRESHOLDshould be 1 USDC, and MID_FEE_THRESHOLD should be 10 USDC.

  • In the code LOW_FEE_THERSHOLD is set to 1000e6 which is 1000 USDC, and MID_FEE_THRESHOLD to 10_000e6 10000 USDC.

// Root cause in the codebase with @> marks to highlight the relevant section
@> uint256 private constant LOW_FEE_THRESHOLD = 1000e6; // 1.000 USDC
@> uint256 private constant MID_FEE_THRESHOLD = 10_000e6; // 10.000 USDC

Risk

Likelihood:

  • This will affect the way fees are calculated everytime when the payment is collected by a seller.

Impact:

  • Much less fee will be received by the protocol owner due to the incorrectly high fee threshold set in both LOW_FEE_THRESHOLDand MID_FEE_THRESHOLD.

Proof of Concept

The owner receives less fee than expected.

// When a seller sells an NFT for 100 USDC, protocol owner expects to receive 5 USDC as fee.
// But with the two incorrect FEE_THRESHOLD assignments, owner only receives 1 USDC as fee.

Recommended Mitigation

Correct to assign the right values to LOW_FEE_THRESHOLD and MID_FEE_THRESHOLD below.

- uint256 private constant LOW_FEE_THRESHOLD = 1000e6; // 1.000 USDC
- uint256 private constant MID_FEE_THRESHOLD = 10_000e6; // 10.000 USDC
+ uint256 private constant LOW_FEE_THRESHOLD = 1e6; // 1.000 USDC
+ uint256 private constant MID_FEE_THRESHOLD = 10e6; // 10.000 USDC

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!