toprince
commented
4 hours ago - quote->base and base->quote are 2 different swaps, so the fee may have difference
- Need more real calc to see if will lose fee in such case. Please input more.
Open sherlock-admin4 opened 15 hours ago
toprince
commented
4 hours ago
Creamy Carrot Yeti
Medium
Fees are inconsistently charged if the price direction quote -> base and base -> quote
Summary
The protocol charges fees at the moment on every swap. The problem is that depending on the direction of the swap this amount may differ resulting in a loss of potential slippage funds by the protocol (or taking excessive funds making some users paying more).
Vulnerability Detail
At the moment the fees are taken from the
quote_amount:https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/instructions/swap.rs#L151
The problem is that in one case it's taken from the initial amount and in the other after performing the first swap:
https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/instructions/swap.rs#L148
Here the fees are taking after selling base token to the quote token.
https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/instructions/swap.rs#L134
And here it's taken from the initial
from_amountmeaning it has a certain value every time. So if the direction of the swap is quote -> base (selling the quote token and getting the base token) the first if-statement will be skipped and we'll take the fees from the initialfrom_amount. In the second case, the swap can be subjected to MEV attacks and therefore every time the protocol may lose some fees due to the slippage.Impact
The protocol will lose fee money due to the inconsistent fee charge.
Code Snippet
Tool used
Manual Review
Recommendation
Take fees on the initial amount to avoid slippage impact.