Lines of code
https://github.com/code-423n4/2023-11-shellprotocol/blob/485de7383cdf88284ee6bcf2926fb7c19e9fb257/src/ocean/Ocean.sol#L1158
Vulnerability details
Impact
The _calculateUnwrapFee function in the project is designed to calculate fees by dividing the unwrapAmount by unwrapFeeDivisor. However, there is a potential issue when unwrapAmount is zero. This scenario leads to a fee calculation of zero, which may not be the intended behaviour, especially if the function is widely used across the project.
Proof of Concept
When unwrapAmount is zero, the function returns a fee of zero. This could lead to incorrect fee processing in scenarios where a non-zero fee is expected, even for zero unwrapAmount. This could potentially lead to financial discrepancies, especially in scenarios where fees are expected to be charged regardless of the unwrapAmount. It could also affect the integrity of fee-related operations within the system.
Recommended Mitigation Steps
A potential fix would be to implement a check for unwrapAmount being zero and handle it accordingly, either by returning a default minimum fee or by throwing an error, depending on the intended logic of the system.
Assessed type
Math
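The division described in the report and its two suggested mitigations, side by side, as an added example that is not part of the original report and is not the project's code. It goes slightly beyond the zero case: because integer division rounds down, any unwrapAmount smaller than unwrapFeeDivisor also yields a zero fee. The contract name, MIN_FEE, the custom errors and all function names are hypothetical, as is the assumption that a caller pays out unwrapAmount minus the fee.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Ocean.sol. Only unwrapAmount, unwrapFeeDivisor and
// the division come from the report; every other name is hypothetical.
contract UnwrapFeeExample {
    uint256 public immutable unwrapFeeDivisor;
    uint256 public constant MIN_FEE = 1; // assumed floor, in token base units

    error ZeroUnwrapAmount();
    error FeeExceedsAmount(uint256 fee, uint256 unwrapAmount);

    constructor(uint256 divisor) {
        require(divisor != 0, "divisor is zero");
        unwrapFeeDivisor = divisor;
    }

    // Behaviour described in the report: integer division rounds down, so the
    // fee is 0 for unwrapAmount == 0 and for any unwrapAmount < unwrapFeeDivisor.
    function feeAsReported(uint256 unwrapAmount) public view returns (uint256) {
        return unwrapAmount / unwrapFeeDivisor;
    }

    // Mitigation A from the report: never return less than a minimum fee.
    function feeWithMinimum(uint256 unwrapAmount) public view returns (uint256 fee) {
        fee = unwrapAmount / unwrapFeeDivisor;
        if (fee < MIN_FEE) fee = MIN_FEE;
    }

    // Mitigation B from the report: reject a zero amount outright.
    function feeOrRevert(uint256 unwrapAmount) public view returns (uint256) {
        if (unwrapAmount == 0) revert ZeroUnwrapAmount();
        return unwrapAmount / unwrapFeeDivisor;
    }

    // Caveat for mitigation A: assuming the caller pays out unwrapAmount minus
    // the fee, a floor larger than the amount must be rejected explicitly,
    // otherwise the subtraction reverts with an opaque arithmetic panic.
    function payoutWithMinimum(uint256 unwrapAmount) external view returns (uint256) {
        uint256 fee = feeWithMinimum(unwrapAmount);
        if (fee > unwrapAmount) revert FeeExceedsAmount(fee, unwrapAmount);
        return unwrapAmount - fee;
    }
}
```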