Open hats-bug-reporter[bot] opened 1 week ago
In the secenario you describe, the "attacker" is swapping dust amounts, and to the fees are so small that they round down to 0. The costs for the "attacker" here are certainaly going to be higher than what they gain in not paying fees (i.e. less than 1 wei)
Github username: -- Twitter username: -- Submission hash (on-chain): 0xe1fb54e9b5a7aa6fe65a3b89934741e79a14ab5308a338bb7a236681a99db441 Severity: high
Description: Description\ Market makers provide liquidity to exchanges in exchange for a fee. For Thorn protocol, this fee is calculated and collected at StableSwapTwoPool::exchange Ln 640-649:
The vulnerability arises from the fact that swaps can be executed at Zero fee, translating to a loss of revenue for LP providers as well the protocol. Savvy swap customers can therefore receive more tokens than expected since fee is not deducted.
This vulnerability is also present at StableSwapThreePool::exchange Attack Scenario\ The vulnerability can be exploited by swapping small amounts. Attachments
The last line in the POC calculates the fee collected from the swap, which is Zero