XO-deductFee function allows attacker to avoid paying fees
Summary
The vulnerability in deductFee function, cause an issues that it does not take into account the fact that the newProgramAmount can be zero. If the newProgramAmount is zero, then the programFeeAmount will also be zero. this could be exploited by an attacker to avoid paying fees.
Vulnerability Detail
*/
function deductFee(ProgramInfo memory programInfo, UFixed18 incentivizationFee)
internal pure returns (UFixed18) {
Position memory newProgramAmount = programInfo.amount.mul(UFixed18Lib.ONE.sub(incentivizationFee));
UFixed18 programFeeAmount = programInfo.amount.sub(newProgramAmount).sum();
programInfo.amount = newProgramAmount;
return programFeeAmount;
}
/**
There is a vulnerability in the deductFee function. The function calculates the fee amount by subtracting the newProgramAmount from the programInfo.amount. The problem with this is that the newProgramAmount can be zero, which would cause the programFeeAmount to be zero.
This vulnerability could be exploited by an attacker to avoid paying fees. For example, the attacker could send a transaction that sets the incentivizationFee to a very high value. This would cause the newProgramAmount to be zero, which would in turn cause the programFeeAmount to be zero. This would allow the attacker to avoid paying fees for their trades.
Impact
The vulnerability allows an attacker to avoid paying fees, which could result in financial losses.
The attacker only needs to send a transaction that sets the incentivizationFee to zero to exploit this vulnerability .
the deductFee function should be changed to check if the incentive fee is zero. If the incentive fee is zero, the function should return a fee of zero.
XDZIBEC
high
XO-
deductFeefunction allows attacker to avoid payingfeesSummary
newProgramAmountcan be zero. If thenewProgramAmountis zero, then theprogramFeeAmountwill also be zero. this could be exploited by an attacker to avoid paying fees.Vulnerability Detail
deductFeefunction. The function calculates the fee amount by subtracting thenewProgramAmountfrom theprogramInfo.amount.The problem with this is that thenewProgramAmountcan be zero, which would cause theprogramFeeAmountto be zero.incentivizationFeeto a very high value. This would cause thenewProgramAmountto be zero, which would in turn cause theprogramFeeAmountto be zero. This would allow the attacker to avoid paying fees for their trades.Impact
incentivizationFeeto zero to exploit this vulnerability .Code Snippet
Tool used
Manual Review
Recommendation
deductFeefunction should be changed to check if the incentive fee is zero. If the incentive fee is zero, the function should return afeeof zero.