Category: Coding Mistakes
Incorrect swap-fee calculation on feeOnBuy
High Impact
High Severity
Low Likelihood
Description
The current implementation calculates the swap fee on a buyAmount that already reflects a fee deduction. According to the Cove documentation, buyAmount is defined as the amount of the buy token being received before fee deduction. However, in the implementation, the fee is deducted from the sellAmount before the buyAmount is determined, so feeOnBuy is charged on an amount derived from netSellAmount.
    info.netSellAmount = trade.sellAmount - info.feeOnSell;

    // Calculate initial buyAmount based on netSellAmount
    uint256 initialBuyAmount = self.eulerRouter.getQuote(
        self.eulerRouter.getQuote(info.netSellAmount, trade.sellToken, _USD_ISO_4217_CODE),
        _USD_ISO_4217_CODE,
        trade.buyToken
    );

    // Calculate fee on buyAmount
    if (swapFee > 0) {
        info.feeOnBuy = FixedPointMathLib.fullMulDiv(initialBuyAmount, swapFee, 20_000);
        self.collectedSwapFees[trade.buyToken] += info.feeOnBuy;
        emit SwapFeeCharged(trade.buyToken, info.feeOnBuy);
    }
    info.netBuyAmount = initialBuyAmount - info.feeOnBuy;
Impact
The current fee-calculation method leads to undercollected fees, causing financial loss to the protocol and inconsistencies with the documented behavior.
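The size of the undercollection can be checked with a small integer-arithmetic model; this is an added example, not the project's code. It assumes a fixed price ratio in place of the nested getQuote calls, assumes feeOnSell uses the same swapFee / 20_000 formula as feeOnBuy (its calculation is not shown above), and takes the pre-deduction buyAmount to be the quote of the full sellAmount.

```python
"""Constructed model of the feeOnBuy shortfall; amounts are in 18-decimal base units."""

FEE_DENOMINATOR = 20_000  # divisor used in the snippet above


def mul_div(x: int, y: int, d: int) -> int:
    """floor(x * y / d), the rounding direction of FixedPointMathLib.fullMulDiv."""
    return x * y // d


def quote(amount: int, rate_num: int, rate_den: int) -> int:
    """Hypothetical stand-in for the nested eulerRouter.getQuote calls."""
    return mul_div(amount, rate_num, rate_den)


def fee_on_buy_as_implemented(sell_amount: int, swap_fee: int,
                              rate_num: int, rate_den: int) -> int:
    """Fee charged on the quote of netSellAmount, as in the snippet."""
    # Assumption: feeOnSell mirrors the feeOnBuy formula.
    fee_on_sell = mul_div(sell_amount, swap_fee, FEE_DENOMINATOR)
    net_sell = sell_amount - fee_on_sell
    initial_buy = quote(net_sell, rate_num, rate_den)
    return mul_div(initial_buy, swap_fee, FEE_DENOMINATOR)


def fee_on_buy_pre_deduction(sell_amount: int, swap_fee: int,
                             rate_num: int, rate_den: int) -> int:
    """Fee charged on the buy amount before any fee deduction."""
    buy_amount = quote(sell_amount, rate_num, rate_den)
    return mul_div(buy_amount, swap_fee, FEE_DENOMINATOR)


def shortfall(sell_amount: int, swap_fee: int,
              rate_num: int, rate_den: int) -> int:
    """Buy-token fee the protocol fails to collect on one trade."""
    return (fee_on_buy_pre_deduction(sell_amount, swap_fee, rate_num, rate_den)
            - fee_on_buy_as_implemented(sell_amount, swap_fee, rate_num, rate_den))


if __name__ == "__main__":
    # Constructed trade: sell 1,000,000 tokens, swapFee = 100, price ratio 3:2.
    sell, fee, num, den = 1_000_000 * 10**18, 100, 3, 2
    print("as implemented :", fee_on_buy_as_implemented(sell, fee, num, den))
    print("pre-deduction  :", fee_on_buy_pre_deduction(sell, fee, num, den))
    print("shortfall      :", shortfall(sell, fee, num, den))
```

Under these assumptions the shortfall equals the fee rate applied to the quoted value of feeOnSell, so it grows with both trade size and swapFee.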
Recommendations
Use the buyAmount before any fee deductions instead of initialBuyAmount when calculating feeOnBuy.
Remediation
This issue has been acknowledged by Storm Labs, and a fix was implemented in commit 803fc0d1.