XO-deductFee function allows attacker to avoid paying fees
Summary
The vulnerability in deductFee function, cause an issues that it does not take into account the fact that the newProgramAmount can be zero. If the newProgramAmount is zero, then the programFeeAmount will also be zero. this could be exploited by an attacker to avoid paying fees.
Vulnerability Detail
*/
function deductFee(ProgramInfo memory programInfo, UFixed18 incentivizationFee)
internal pure returns (UFixed18) {
Position memory newProgramAmount = programInfo.amount.mul(UFixed18Lib.ONE.sub(incentivizationFee));
UFixed18 programFeeAmount = programInfo.amount.sub(newProgramAmount).sum();
programInfo.amount = newProgramAmount;
return programFeeAmount;
}
/**
There is a vulnerability in the deductFee function. The function calculates the fee amount by subtracting the newProgramAmount from the programInfo.amount. The problem with this is that the newProgramAmount can be zero, which would cause the programFeeAmount to be zero.
This vulnerability could be exploited by an attacker to avoid paying fees. For example, the attacker could send a transaction that sets the incentivizationFee to a very high value. This would cause the newProgramAmount to be zero, which would in turn cause the programFeeAmount to be zero. This would allow the attacker to avoid paying fees for their trades.
Impact
The vulnerability allows an attacker to avoid paying fees, which could result in financial losses.
The attacker only needs to send a transaction that sets the incentivizationFee to zero to exploit this vulnerability .
the deductFee function should be changed to check if the incentive fee is zero. If the incentive fee is zero, the function should return a fee of zero.
XDZIBEC
high
XO-
deductFee
function allows attacker to avoid payingfees
Summary
newProgramAmount
can be zero. If thenewProgramAmount
is zero, then theprogramFeeAmount
will also be zero. this could be exploited by an attacker to avoid paying fees.Vulnerability Detail
deductFee
function. The function calculates the fee amount by subtracting thenewProgramAmount
from theprogramInfo.amount.
The problem with this is that thenewProgramAmount
can be zero, which would cause theprogramFeeAmount
to be zero.incentivizationFee
to a very high value. This would cause thenewProgramAmount
to be zero, which would in turn cause theprogramFeeAmount
to be zero. This would allow the attacker to avoid paying fees for their trades.Impact
incentivizationFee
to zero to exploit this vulnerability .Code Snippet
Tool used
Manual Review
Recommendation
deductFee
function should be changed to check if the incentive fee is zero. If the incentive fee is zero, the function should return afee
of zero.