Category: Coding Mistakes

Invalid fee tiers cause permanent order-matching denial of service

Medium Severity
Low Impact
Low Likelihood

Description

The FeeData.sol contract establishes fee categories for accounts using the CLOB. These fees are read in every maker/taker fee calculation during order matching. If an administrative user sets an account's fee category to a value greater than 15, all orders will revert with IndexOutOfBounds().

Impact

This scenario requires an administrative user to call setAccountFeeTier() with an invalid fee tier. If that same account then submits any order to the order book, the action will revert due to the invalid fee configuration.

Recommendations

We recommend adding validation to setAccountFeeTier() such that the account tier cannot exceed 15.
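
The failure mode and the recommended check, shown as an added example on a simplified model; this is not the GTE FeeData.sol source. The contract name, the packed uint16 layout, the InvalidFeeTier error, the setAccountFeeTierUnchecked name, and the fee denominator are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: simplified model, not the audited contract.
// Assumption: 16 fee rates (tiers 0..15) packed as uint16 values in one word.
contract FeeTierModel {
    error IndexOutOfBounds();
    error InvalidFeeTier(); // hypothetical error name

    uint256 internal constant TIER_COUNT = 16;    // from the finding's limit of 15
    uint256 internal constant FEE_DENOM = 10_000_000; // assumed fee precision

    uint256 internal packedTakerRates;                 // 16 x uint16
    mapping(address => uint8) internal accountFeeTier; // per-account tier index

    constructor(uint16[16] memory rates) {
        for (uint256 i = 0; i < TIER_COUNT; i++) {
            packedTakerRates |= uint256(rates[i]) << (i * 16);
        }
    }

    // Read path used on every match: reverts for any stored tier above 15.
    function takerRateOf(address account) public view returns (uint16) {
        uint256 tier = accountFeeTier[account];
        if (tier >= TIER_COUNT) revert IndexOutOfBounds();
        return uint16(packedTakerRates >> (tier * 16));
    }

    // Before: no bounds check (admin access control omitted for brevity).
    // A tier of 16..255 is stored, and every later fee lookup for that
    // account reverts until an admin writes a valid tier.
    function setAccountFeeTierUnchecked(address account, uint8 tier) external {
        accountFeeTier[account] = tier;
    }

    // After: reject the invalid tier at write time, so the misconfiguration
    // fails in the admin call instead of in the account's orders.
    function setAccountFeeTier(address account, uint8 tier) external {
        if (tier >= TIER_COUNT) revert InvalidFeeTier();
        accountFeeTier[account] = tier;
    }

    // Stand-in for order matching: the fee lookup reverts the whole order
    // when the taker's stored tier is out of range.
    function matchOrder(address taker, uint256 quoteAmount) external view returns (uint256 fee) {
        fee = (quoteAmount * takerRateOf(taker)) / FEE_DENOM;
    }
}
```

A unit test for the fix should assert that setAccountFeeTier(account, 16) reverts and that matchOrder() still succeeds for an account at tier 15.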

Remediation

This issue has been acknowledged by Liquid Labs, Inc., and a fix was implemented in commit ebfd69a7.

Liquid Labs, Inc. provided the following response to this finding:

Fee tier length is now asserted during setAccountFeeTier so that an upgrade cannot result in accidentally adding and using more than 16 tiers.

Zellic © 2025