Closed c4-bot-3 closed 10 months ago
raymondfam marked the issue as insufficient quality report
Negligible impact. Additionally, impact on 2. is supposed to be in favor of users. QA at best.
raymondfam marked the issue as primary issue
0xA5DF marked the issue as unsatisfactory: Overinflated severity
I agree with Raymond, this seems like intended design and negligible
Lines of code
https://github.com/code-423n4/2023-11-shellprotocol/blob/485de7383cdf88284ee6bcf2926fb7c19e9fb257/src/ocean/Ocean.sol#L86-L90
Vulnerability details
Impact
The issue with the unwrap fee rounding down can have several detrimental impacts on the Ocean protocol:
Revenue Loss: Due to rounding down, the contract loses out on potential unwrap fees, particularly for smaller unwrap amounts. This can significantly reduce the protocol's revenue and limit its ability to operate and maintain its services.
Unfairness to Users: Smaller users who unwrap smaller amounts are disproportionately affected by the rounding down, leading to a sense of unfairness and potentially discouraging them from using the platform.
Reduced User Confidence: The presence of this issue can erode user confidence in the protocol's accuracy and fairness, potentially leading to decreased user engagement and adoption.
Proof of Concept
Scenario:
Code:
Define a minimum unwrap fee that applies regardless of the unwrap amount. This guarantees the contract always collects some fee, even for very small unwrap transactions.
Code:
Assessed type
Error