Assessment reportsPublic findings
Back to Zellic site
Assessment reports>StakeKit FeeWrapper>Medium findings>Rounding errors in computing fee
GeneralOverview
Findings
Medium (3)The transferFrom function could failThe approve function could failRounding errors in computing fee
DiscussionUse of ReentrancyGuard is recommendedNo proxy pattern for upgradesNo test coverage for nonstandard ERC-20 tokens
Threat ModelWhat are threat models?FeeManager.solFeeWrapper4626.sol
Audit ResultsAssessment Results
Category: Business Logic

Rounding errors in computing fee

Medium Severity
Medium Impact
Medium Likelihood

Description

Due to Solidity's lack of native support for floating-point arithmetic, the results of computing fees may be inconsistent.

function computeFee(uint256 amount, FeeConfig memory feeConfig) public pure returns (uint256) {
    uint16 fee = feeConfig.fee;
    uint256 feeAmount = (amount * fee) / 10_000;
    return feeAmount;
}

For instance, when amount <= 9999 and fee is 1, the feeAmount would be 0.

uint256 amount = 9999;
uint16 fee = 1;
uint256 feeAmount = (amount*fee) / 10_000; // would be 0

Impact

Inconsistency in fee calculations can lead to incorrect calculation.

Recommendations

Add a minimum deposit limit, or consider having fees accumulate in the contract and having a payout function.

Remediation

This issue has been acknowledged by StakeKit. The issue was fixed with commit . They revert if the feeAmount is less than 1 wei to enforce a minimum deposit.

Zellic © 2024Back to top ↑