The 1% threshold check is evaluated on the separate quantity of each token rather than on the total value of the deposit.
Users can inject a small amount of funds to bypass the feeLiquidity charging logic and still receive the maximum liquidity.
The attack process is to use a flash loan to deposit and then immediately withdraw, stealing part of the idle fees. The more idle fees there are, the larger the attacker's profit.
Mitigation
The team has removed this part of the logic. TokenisableRange fees are no longer compounded directly in the TokenisableRange (TR) but are instead sent to the corresponding GeVault.
The team has also removed the complex double-charging mechanism. Each deposit is now charged for liquidity only, so attackers can no longer bypass the feeLiquidity logic.
H-04 raised two questions: the 1% threshold check being based on the per-token quantity rather than the total value, and the bypass of the feeLiquidity charging logic. The attack process is to use a flash loan to deposit and then withdraw, stealing part of the idle fees; the more idle fees there are, the larger the attacker's profit.
Conclusion
LGTM