Category: Coding Mistakes
Commission-amount attribute is incorrect
Informational Severity
Informational Impact
N/A Likelihood
Description
Fees are deducted from the commission_asset
; however, when it is added as an attribute, the fees
are not deducted.
// CONTRACT - a user must do token approval
#[allow(clippy::too_many_arguments)]
pub fn swap(
deps: DepsMut,
env: Env,
info: MessageInfo,
sender: Addr,
offer_asset: Asset,
belief_price: Option<Decimal>,
max_spread: Option<Decimal>,
to: Option<Addr>,
deadline: Option<u64>,
) -> Result<Response, ContractError> {
...
let fees = commission_amount
.checked_div(Uint128::from(2u128))
.ok()
.unwrap();
// Sends half of commissions as fees to fee collector
if !fees.is_zero() {
let commission_asset = Asset {
info: ask_pool.info.clone(),
amount: fees,
};
messages.push(commission_asset.into_msg(Addr::unchecked(FEE_COLLECTOR))?);
}
...
Ok(Response::new().add_messages(messages).add_attributes(vec![
("commission_amount", &commission_amount.to_string()),
}
Impact
The attributes of this transaction will be inaccurate.
Recommendations
Deduct the fees from the commission_asset
before adding it as an attribute.
Remediation
Dojoswap Labs, PTE provided the following response:
Acknowledged. Attribute is currently not used anywhere else other than as logs.