code-423n4 / 2022-01-trader-joe-findings


user can withdraw avax without paying penalty fees #312

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

hack3r-0m

Vulnerability details

https://github.com/code-423n4/2022-01-trader-joe/blob/main/contracts/LaunchEvent.sol#L349

uint256 feeAmount = (_amount * getPenalty()) / 1e18;

If _amount * getPenalty() is less than 1 AVAX (10e18), then feeAmount is 0 and the user does not have to pay fees.

Tools Used

Manual Review

Recommended Mitigation Steps

Scale up the withdrawal amount before dividing; you can also take a look at the WadRay math library.

cryptofish7 commented 2 years ago

getPenalty() returns the penalty scaled to 1e18, i.e. 3% is 3e16. This is explained in natspecs

dmvt commented 2 years ago

Sponsor's explanation checks out. Invalid.
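To make the rounding argument in this thread concrete, the following Python model is an added example, not code from the Trader Joe repository or from either commenter. It mirrors the quoted line `(_amount * getPenalty()) / 1e18` with integer floor division, uses the 1e18 penalty scale the sponsor describes (3% is 3e16), and shows the only amounts for which the fee rounds to zero. The `percent_to_wad` helper and the sample amounts are assumptions for illustration.

```python
# Added example: model of the LaunchEvent.sol fee line with Solidity-style integer math.
WAD = 10**18  # 1e18 fixed-point scale; getPenalty() is scaled to WAD per the sponsor


def percent_to_wad(percent: int) -> int:
    """Hypothetical helper: express a whole-number percent at WAD scale (3 -> 3e16)."""
    return percent * WAD // 100


def penalty_fee(amount_wei: int, penalty_wad: int) -> int:
    """Mirror of `uint256 feeAmount = (_amount * getPenalty()) / 1e18;`.

    Python's // floors exactly like Solidity uint256 division, so the result
    is the on-chain fee for the given withdrawal amount (both in wei).
    """
    if amount_wei < 0 or penalty_wad < 0:
        raise ValueError("uint256 values cannot be negative")
    return (amount_wei * penalty_wad) // WAD


def zero_fee_threshold(penalty_wad: int) -> int:
    """Largest withdrawal amount (wei) whose fee still floors to zero.

    fee == 0  <=>  amount * penalty < WAD  <=>  amount <= (WAD - 1) // penalty
    """
    if penalty_wad <= 0:
        raise ValueError("penalty must be positive for a finite threshold")
    return (WAD - 1) // penalty_wad


def fee_table(penalty_wad: int, amounts_wei) -> dict:
    """Fee owed for each sample amount; used below to compare dust with real amounts."""
    return {amount: penalty_fee(amount, penalty_wad) for amount in amounts_wei}


if __name__ == "__main__":
    penalty = percent_to_wad(3)  # 3e16, the 3% penalty from the thread
    # Constructed sample amounts: dust, the first fee-paying amount, 1 AVAX (1e18 wei).
    samples = [1, 33, 34, 10**18]
    for amount, fee in fee_table(penalty, samples).items():
        print(f"amount={amount} wei -> fee={fee} wei")
    print(f"fee is zero only for amounts <= {zero_fee_threshold(penalty)} wei")
```

With the penalty at 3e16 the fee is zero only for withdrawals of at most 33 wei, and the flooring loses less than one wei on any larger withdrawal, which is why the report's 1 AVAX threshold does not hold once the scale is accounted for.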