Assessment reportsPublic findings
Back to Zellic site
Assessment reports>USDT OFT>Discussion>Fee bypass for small amounts
GeneralOverview
Findings
Informational (1)
DiscussionFee bypass for small amountsImportance of planner's credit management
Threat ModelCreditsusdtOFT TON
Audit ResultsAssessment Results

Fee bypass for small amounts

Note that there is a fee bypass in sendOFT that LayerZero Labs is aware of:

!;; The rounding on the fee and amount calculation favors the sender,
!;; In theory small enough transfers will not incur any fees
(int, int) _getAmountAndFee(cell $storage, int totalAmount) impure inline {
    int feeBps = $storage.UsdtOFT::getFeeBps();
    ;; totalAmount is always at most 128-bits, feeBps is at most 10000 == 13 bits
    ;; so this multiplication can never overflow signed 257-bit
    int fee = ((totalAmount * feeBps) / BPS_DENOMINATOR);
    int amount = totalAmount - fee;
    return (amount, fee);
}

However, given the BPS_DENOMINATOR of 10000, exploiting this bug to completely bypass fees does not make sense in practice; the maximum transferrable amount while bypassing fees is ceil(BPS_DENOMINATOR / feeBps) - 1, which is a very small amount compared to the fees.

Zellic © 2025Back to top ↑