0xMaroutis - Incorrect `FixedEarlyExitFees` calculation leads to significantly reduced fees

[sherlock-admin2]

0xMaroutis

Medium

Incorrect FixedEarlyExitFees calculation leads to significantly reduced fees

Summary

The calculateFixedEarlyExitFees function has an error in the percentage calculation for early exit fees, potentially resulting in significantly lower fees than intended.

Vulnerability Detail

In the calculateFixedEarlyExitFees function, the early exit fee is calculated using the following formula:

uint256 earlyExitFees = upfrontPremium.mulDiv((1 + earlyExitFeeBps).mulDiv(remainingProportion, 1e18), 10000);

The intention is to calculate a yield using the formula (1 + r), where r is the rate expressed in basis points. However, since the calculation works in basis points, the "1" in this formula should actually be represented as 10,000 basis points.

Impact

• Early exit fees will be much lower than intended. For example, if earlyExitFeeBps is 500 (5%), the current calculation will use 0,05 instead of 1.05 as the yield factor.
• Users exiting early will pay much lower fees than intended, potentially as low as 1/21th of the intended amount.
• The protocol will lose a significant amount of revenue from early exit fees.
• The reduced exit fees may incentivize more early exits and reduce incentives for depositors that will earn the fees.

Code Snippet

https://github.com/sherlock-audit/2024-08-saffron-finance/blob/38dd9c8436db341c331f1b14545770c1766fc0ee/lido-fiv/contracts/LidoVault.sol#L992

Tool used

Manual Review

Recommendation

Implement the following :

uint256 earlyExitFees = upfrontPremium.mulDiv((10_000 + earlyExitFeeBps).mulDiv(remainingProportion, 1e18), 10000);