This repository has been archived by the owner on May 26, 2023. It is now read-only.
Ch_301 - The _fee()
function is wrongly implemented in the code
#95
Labels
Ch_301
high
The
_fee()
function is wrongly implemented in the codeSummary
_fee() function is wrongly implemented in the code so the protocol will get fewer fees and the trader will earn more
Vulnerability Detail
let's say we have:
newFee
100 USDCUSDC Decimals is 6
settlementFeePercentage
is 20% ==> 200The
unitFee
will be 520_000amount
= (100 * 1_000_000) / 520_000amount
= 192 USDCWhich is supposed to be
amount
= 160 USDCImpact
The protocol will earn fees less than expected
Code Snippet
https://github.com/bufferfinance/Buffer-Protocol-v2/blob/83d85d9b18f1a4d09c728adaa0dde4c37406dfed/contracts/core/BufferBinaryOptions.sol#L318-L353
https://github.com/bufferfinance/Buffer-Protocol-v2/blob/83d85d9b18f1a4d09c728adaa0dde4c37406dfed/contracts/core/BufferBinaryOptions.sol#L424-L437
Tool used
Manual Review
Recommendation
The
_fee()
function needs to calculate the fees in this wayThe text was updated successfully, but these errors were encountered: