code-423n4 / 2023-11-shellprotocol-findings

Potential Incorrect Fee Calculation Due to Zero unwrapAmount in _calculateUnwrapFee Function #233

Closed c4-bot-2 closed 10 months ago

c4-bot-2 commented 10 months ago

Lines of code

https://github.com/code-423n4/2023-11-shellprotocol/blob/485de7383cdf88284ee6bcf2926fb7c19e9fb257/src/ocean/Ocean.sol#L1158

Vulnerability details

Impact

The _calculateUnwrapFee function in the project is designed to calculate fees by dividing the unwrapAmount by unwrapFeeDivisor. However, there is a potential issue when unwrapAmount is zero. This scenario leads to a fee calculation of zero, which may not be the intended behaviour, especially if the function is widely used across the project.

Proof of Concept

When unwrapAmount is zero, the function returns a fee of zero. This could lead to incorrect fee processing in scenarios where a non-zero fee is expected, even for zero unwrapAmount. This could potentially lead to financial discrepancies, especially in scenarios where fees are expected to be charged regardless of the unwrapAmount. It could also affect the integrity of fee-related operations within the system.

Recommended Mitigation Steps

A potential fix would be to implement a check for unwrapAmount being zero and handle it accordingly, either by returning a default minimum fee or by throwing an error, depending on the intended logic of the system.

Assessed type

Math

c4-pre-sort commented 10 months ago

raymondfam marked the issue as insufficient quality report

c4-pre-sort commented 10 months ago

raymondfam marked the issue as duplicate of #31

c4-judge commented 10 months ago

0xA5DF marked the issue as unsatisfactory: Invalid