search

sherlock-audit / 2023-10-real-wagmi-judging

16 stars 14 forks source link

0xrobsol - Rounding to Zero Prevents Fee Collection for Lesser Amounts #107

Closed sherlock-admin closed 10 months ago

sherlock-admin commented 11 months ago

0xrobsol

medium

Rounding to Zero Prevents Fee Collection for Lesser Amounts

Summary

Potential issue with rounding down could inhibit fee collection for token amounts less than Constants.COLLATERAL_BALANCE_PRECISION.

Vulnerability Detail

The collectProtocol function, designed to enable the owner to gather protocol fees for multiple tokens, uses a division mechanism that can result in amounts rounding down to zero. Specifically, if platformsFeesInfo[token] is less than Constants.COLLATERAL_BALANCE_PRECISION, the resultant amount becomes zero due to the way integer division is designed in

In practice, this means that if any token's fee amount is smaller than Constants.COLLATERAL_BALANCE_PRECISION, that fee will not be transferred out, effectively locking it within the protocol. Over time and with many tokens, these amounts might accumulate, but will remain inaccessible.

uint256 amount = platformsFeesInfo[token] / Constants.COLLATERAL_BALANCE_PRECISION; This condition can result in funds being stuck in the protocol if the token is no longer used, as the fee for that token would never exceed the precision value.

Impact

Funds Lockup: Small fee amounts below the Constants.COLLATERAL_BALANCE_PRECISION threshold could get stuck in the protocol, leading to accumulative losses over time.

Reduced Fee Income: The protocol's owner might not receive the total amount of fees they expect due to rounding down. As a result, the effective income derived from fees is diminished.

Misrepresentation: Users or stakeholders might be under the impression that all fees are being collected as intended. This rounding down issue could be seen as a misrepresentation or oversight of the fee collection mechanics.

Operational Inefficiency: Over time, as more tokens potentially get stuck in this manner, the complexity of accounting and management might increase. These "dust" amounts, though individually small, can add operational challenges when assessing the total assets or liabilities of the protocol.

Code Snippet

https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L186C6-L196C14

Tool used

Manual Review

Recommendation

Consider implementing a mechanism that allows the collection of even small fee amounts without rounding issues.

sherlock-admin2 commented 10 months ago

1 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

Low. I think the losses will be too small for it to make it into the Medium category. Separately if the function is called with such a token where there is very little fee will be in the category "User error"