_handleCloseFees returns a _payout that does not account for referral fees #382
Labels: 2 (Med Risk) (Assets not at direct risk, but function/availability of the protocol could be impacted or leak value); bug (Something isn't working); duplicate-367; satisfactory (satisfies C4 submission criteria; eligible for awards)
Lines of code:
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Trading.sol#L805
Vulnerability details
Impact
The payout calculated on closing a trade accounts for daoFees, burnFees and botFees but misses referralFees. This means that the payout to the trader is higher than what it is supposed to be. Since the error concerns payments to users, I have classified it as High Risk.
Finding
payout_ is calculated in line 805 as follows
The above formula can also be written as
Note that the _daoFeesPaid variable in the above formula has already accounted for 2*_referralFeesPaid (already subtracted from it) and for _botFeesPaid (also subtracted from it). The current formula adds _botFeesPaid back to _daoFeesPaid, but the 2*_referralFeesPaid that was earlier subtracted from _daoFeesPaid is not added back, so the payout_ computed will always be higher than the actual value.
Recommended Mitigation Steps
Use the formula below for line 805
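As an added check, not code from the warden's report or from the Tigris contracts, the following models the fee bookkeeping exactly as the finding describes it and tests whether everything credited on close adds up to the original _payout. It assumes the fee amounts are already-computed integers (constructed here) and that the referrer is credited _referralFeesPaid, as that variable name implies.

```python
# Added example (not code from the Tigris contracts): a model of the close-fee
# bookkeeping as the finding describes it, used to check value conservation.
# Assumptions: fee amounts are already-computed integers (constructed), and the
# referrer is credited _referralFeesPaid, as the variable name in the finding implies.

def split_close_fees(payout, dao_fee, burn_fee, bot_fee, referral_fee,
                     has_referrer, is_bot):
    """Return who is credited what, following the finding's description of line 805."""
    dao_paid = dao_fee            # base _daoFeesPaid
    burn_paid = burn_fee          # _burnFeesPaid
    referral_paid = 0             # _referralFeesPaid
    bot_paid = 0                  # _botFeesPaid
    if has_referrer:
        referral_paid = referral_fee
        dao_paid -= 2 * referral_paid   # DAO share already reduced by 2*_referralFeesPaid
    if is_bot:
        bot_paid = bot_fee
        dao_paid -= bot_paid            # DAO share also reduced by _botFeesPaid
    # Current formula per the finding: _botFeesPaid is subtracted again (net effect:
    # added back to the DAO share), while the 2*_referralFeesPaid removed from the
    # DAO share is never added back, so the trader is charged less than the fees paid.
    trader_payout = payout - dao_paid - burn_paid - bot_paid
    return {"trader": trader_payout, "dao": dao_paid, "burn": burn_paid,
            "bot": bot_paid, "referrer": referral_paid}


def value_leak(payout, **fees):
    """Value credited in excess of _payout; 0 means the split is internally consistent."""
    return sum(split_close_fees(payout, **fees).values()) - payout


# Constructed sample: 1000 units of closing payout, fees already scaled to units.
FEES = dict(dao_fee=50, burn_fee=10, bot_fee=5, referral_fee=4)

if __name__ == "__main__":
    for ref, bot in ((False, False), (True, False), (True, True)):
        parts = split_close_fees(1000, has_referrer=ref, is_bot=bot, **FEES)
        leak = value_leak(1000, has_referrer=ref, is_bot=bot, **FEES)
        print(f"referrer={ref!s:5} bot={bot!s:5} trader={parts['trader']} leak={leak}")
```

With the sample numbers the leak is 0 without a referrer and exactly one referral fee (4 units) with one, while the trader's payout rises by twice the referral fee; whichever formula line 805 is changed to, the check that the five credits sum to _payout is the regression test worth keeping.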