sherlock-audit / 2023-04-unitasprotocol-judging

4 stars 3 forks source link

evilakela - SwapFunctions::_getFeeByAmountWithFee wrong calculating fee #38

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

evilakela

medium

SwapFunctions::_getFeeByAmountWithFee wrong calculating fee

Summary

SwapFunctions::_getFeeByAmountWithFee wrong calculating fee

Vulnerability Detail

https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/SwapFunctions.sol#L129-L143 This function fails to calculate correct fee. Example: fee = 1e5 / 1e6 (10%) amount = 1_100_000 (with fee, fee = 100_000) Got: amunt * fee = 110_000 != 100_000

Impact

Protocol take incorrect fee, bigger than expected

Code Snippet

https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/SwapFunctions.sol#L129-L143

Tool used

Manual Review

Recommendation

amountWithoutFee = amountWithFee * feeDenominator / (feeNumerator + feeDenominator)
fee = amountWithFee - amountWithoutFee

1_100_000 * 1e6 / (1e5 + 1e6) = 1_000_000 1_100_000 - 1_000_000 = 100_000