code-423n4 / 2023-11-canto-findings


effective fee management in the getSellPrice function #192

Closed c4-submissions closed 10 months ago

c4-submissions commented 11 months ago

Lines of code

https://github.com/code-423n4/2023-11-canto/blob/main/1155tech-contracts/src/Market.sol#L141

Vulnerability details

Impact

Implementing effective fee management in your Market contract, particularly within the getSellPrice function, is crucial to ensure that the selling of tokens remains viable, even in scenarios where liquidity is low. The goal is to balance the need to generate revenue through fees with the necessity of maintaining an active and liquid market. Here's an approach to achieve this:

Proof of Concept

In the provided code snippet for the Market contract, the following changes have been made to implement dynamic fee management based on liquidity levels:

```solidity
pragma solidity 0.8.19;

import "@openzeppelin/contracts/token/ERC1155/ERC1155.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import "@openzeppelin/contracts/access/Ownable2Step.sol";
import "../interface/IBondingCurve.sol";
import "../interface/Turnstile.sol";

contract Market is ERC1155, Ownable2Step {
    IERC20 public immutable token;

    // Existing code...

    function getSellPrice(uint256 _id, uint256 _amount) public view returns (uint256 price, uint256 fee) {
        address bondingCurve = shareData[_id].bondingCurve;
        (price, fee) = IBondingCurve(bondingCurve).getPriceAndFee(shareData[_id].tokenCount - _amount + 1, _amount);
        fee = adjustFeeBasedOnLiquidity(fee, _id);
    }

    function adjustFeeBasedOnLiquidity(uint256 baseFee, uint256 shareId) internal view returns (uint256) {
        uint256 liquidityLevel = calculateLiquidityLevel(shareId);
        if (liquidityLevel < LOW_LIQUIDITY_THRESHOLD) {
            return baseFee * LOW_LIQUIDITY_FEE_RATE / 100; // Reduce fee in low liquidity
        }
        // Additional logic for other scenarios...
        return baseFee;
    }

    function calculateLiquidityLevel(uint256 shareId) internal view returns (uint256) {
        // Logic to determine the liquidity level of a specific share
    }

    // Existing code...
}
```

  1. Dynamic Fee Adjustment in getSellPrice
     Change: Added a call to the new function adjustFeeBasedOnLiquidity within the getSellPrice function.
     Why: This modification dynamically adjusts the selling fee based on the current liquidity level of the specific share. The goal is to make selling more attractive in low liquidity scenarios and to ensure balanced trading activity.
  2. Liquidity-Based Fee Calculation
     Change: Introduced the adjustFeeBasedOnLiquidity function.
     Why: This function calculates the adjusted fee based on the liquidity level of a share. When liquidity is low (below a defined threshold LOW_LIQUIDITY_THRESHOLD), the fee is reduced according to the LOW_LIQUIDITY_FEE_RATE. This incentivizes trading when the market liquidity is not optimal.
  3. Calculating Liquidity Levels
     Change: Included a placeholder function calculateLiquidityLevel.
     Why: This function is intended to contain the logic to determine the liquidity level for a given share ID. While the specific implementation details are not provided, this function would typically analyze the market depth, trading volume, or other liquidity indicators.

Tools Used

VS Code

Recommended Mitigation Steps

This approach aims to create a more adaptable and responsive fee structure that can encourage trading activity, particularly in varying liquidity conditions, while ensuring the platform remains sustainable.

Summary of Changes: These changes collectively introduce a mechanism to adaptively adjust fees based on market liquidity conditions. The aim is to encourage trading activity during periods of low liquidity by reducing transaction costs, thereby helping maintain a healthy and active market.

Considerations for Further Development:

Implementation of calculateLiquidityLevel: The actual implementation needs to be added based on how liquidity is measured and quantified in your system.

Defining Thresholds and Rates: The LOW_LIQUIDITY_THRESHOLD and LOW_LIQUIDITY_FEE_RATE need to be defined and calibrated according to your market's characteristics.

Security and Testing: Ensure that the dynamic fee adjustment mechanism is secure against potential manipulation and thoroughly test under various market conditions.

User Communication: Clearly communicate to users how fees are calculated and under what conditions they might be adjusted. Transparency is crucial for user trust and acceptance.

By implementing these changes, you’re enhancing the Market contract to be more responsive to real-time market conditions, potentially leading to improved liquidity and user experience on the platform.

Assessed type

Access Control
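An added example, not part of the original submission or the Canto code base: a Python model of the proposed adjustFeeBasedOnLiquidity that checks the properties a reviewer would test before accepting such a change (fee never above the base fee, where the fee jumps, where it truncates to zero). The threshold of 100, the rate of 50, and the treatment of the liquidity level as a plain integer input are assumptions, since the submission leaves all three undefined.

```python
# Added example: integer model of the fee adjustment proposed in the submission.
# Both constants are assumed values; the submission does not define them.
LOW_LIQUIDITY_THRESHOLD = 100  # hypothetical: levels below this get the discount
LOW_LIQUIDITY_FEE_RATE = 50    # hypothetical: percent of the base fee charged


def adjust_fee(base_fee: int, liquidity_level: int) -> int:
    """Mirror adjustFeeBasedOnLiquidity with Solidity-style truncating division."""
    if liquidity_level < LOW_LIQUIDITY_THRESHOLD:
        return base_fee * LOW_LIQUIDITY_FEE_RATE // 100
    return base_fee


def never_exceeds_base(max_fee: int, levels) -> bool:
    """Property 1: the adjusted fee is never larger than the base fee."""
    levels = list(levels)
    return all(
        adjust_fee(fee, level) <= fee
        for fee in range(max_fee + 1)
        for level in levels
    )


def fee_cliffs(base_fee: int, levels):
    """Property 2: report (level, fee_before, fee_after) wherever the fee
    changes between two adjacent liquidity levels. A step discount produces
    a discontinuity at the threshold, so a one-unit change in the liquidity
    measure changes the fee by the full discount."""
    cliffs = []
    previous = None
    for level in levels:
        current = adjust_fee(base_fee, level)
        if previous is not None and current != previous:
            cliffs.append((level, previous, current))
        previous = current
    return cliffs


def fees_truncated_to_zero(max_fee: int):
    """Property 3: positive base fees that the discount rounds down to zero."""
    return [
        fee
        for fee in range(1, max_fee + 1)
        if adjust_fee(fee, LOW_LIQUIDITY_THRESHOLD - 1) == 0
    ]
```
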

c4-pre-sort commented 11 months ago

minhquanym marked the issue as insufficient quality report

minhquanym commented 11 months ago

Spam

c4-judge commented 10 months ago

MarioPoneder marked the issue as unsatisfactory: Insufficient quality