This repository has been archived by the owner on May 26, 2023. It is now read-only.
0x52 - PerpDepository#_placePerpOrder miscalculates fees paid when shorting #271
Labels
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
0x52
medium
PerpDepository#_placePerpOrder miscalculates fees paid when shorting
Summary
PerpDepository#_placePerpOrder calculates the fee as a percentage of the quoteToken received. The issue is that this amount already has the fees taken so the fee percentage is being applied incorrectly.
Vulnerability Detail
When calculating fees,
PerpDepository#_placePerpOrder
use the quote amount retuned when opening the new position. It always uses exactIn which means that for shorts the amount of baseAsset being sold is specified. The result is that quote amount returned is already less the fees. If we look at how the fee is calculated we can see that it is incorrect.Example:
Imagine the market price of ETH is $1000 and there is a market fee of 1%. The 1 ETH is sold and the contract receives 990 USD. Using the math above it would calculated the fee as $99 (990 * 1%) but actually the fee is $100.
It have submitted this as a medium because it is not clear from the given contracts what the fee totals are used for and I cannot fully assess the implications of the fee value being incorrect.
Impact
totalFeesPaid will be inaccurate which could lead to disparities in other contracts depending on how it is used
Code Snippet
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/integrations/perp/PerpDepository.sol#L804-L810
Tool used
Manual Review
Recommendation
Rewrite _calculatePerpOrderFeeAmount to correctly calculate the fees paid:
The text was updated successfully, but these errors were encountered: