Fee amount charged by the Protocol can be circumvented for low-decimal Stablecoins

Summary

When Quote token is a low-decimal ERC20 Stablecoin , the fee collected by the protocol in GSPTrader.sol#querySellBase can be circumvented to 0 for smaller deposits.

Vulnerability Detail

Let's consider the example where Base Token is USDC and Quote Token is a token like GeminiUSD which is a token with 300M+ market cap, which is widely used StableCoin. Now see this piece of code:

 function querySellBase(address trader, uint256 payBaseAmount)
        public
        view
        returns (
            uint256 receiveQuoteAmount,
            uint256 mtFee,
            PMMPricing.RState newRState,
            uint256 newBaseTarget
        )
    {
        PMMPricing.PMMState memory state = getPMMState();
        (receiveQuoteAmount, newRState) = PMMPricing.sellBaseToken(state, payBaseAmount);

        uint256 lpFeeRate = _LP_FEE_RATE_;
        uint256 mtFeeRate = _MT_FEE_RATE_;
 @>  mtFee = DecimalMath.mulFloor(receiveQuoteAmount, mtFeeRate);
        receiveQuoteAmount = receiveQuoteAmount
 @>       - DecimalMath.mulFloor(receiveQuoteAmount, lpFeeRate)
            - mtFee;
        newBaseTarget = state.B0;
    }

Let's say the mtFeeRate is about 1% and let's say an amount of 8 DAI(8e18) has been put to sale which would give the receiveQuoteAmount to be about 7.8 GeminiUSD(7.8e2). In this case the fee calculated will be round to zero.

Impact

The protocol doesn't collect fees from Vaults with low decimal StableCoin as the Quote Tokens .

Code Snippet

https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/main/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPTrader.sol#L224C3-L244C6

Tool used

Manual Review

Recommendation

Consider adding zero checks for these cases and if the fee circumvents to 0,then use a constant fee for those cases

sherlock-audit / 2023-12-dodo-gsp-judging

Angry_Mustache_Man - Fee amount charged by the Protocol can be circumvented for low-decimal Stablecoins #144