Users always pay higher fees in EthosVouch.sol

Summary

EthosVouch.sol overestimates fees to pay, so users always pay higher fees. That's because fee formula overestimates result when called multiple times with partial fee.

Root Cause

-The choice to use calcFee() multiple times makes final fees higher than expected. As it is formula used in calcFee() is OK, however by design it will calculate higher fees when called multiple times for partial fee.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

Suppose protocolFee = 3%, donationFee = 3%, vouchersPoolFee = 4%. So total fee is 10%.
User calls vouchByProfileId() and submits 1 ETH. According to formula in calcFee() it must calculate 1 - 1 * 100% / 110% = 0.091 ETH.
However in 3 different calls it will calculate 0.096 ETH. Which is 5.5% higher fee rate than expected.

Impact

Protocol always overcharges users with additional fee due to incorrect calculation. For example extra 10.05% instead of 10%.

PoC

No response

Mitigation

Calculate fee amount at once, and than divide it into different fee types according to weights.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

068.md

068.md

Users always pay higher fees in EthosVouch.sol

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

Files

068.md

Latest commit

History

068.md

File metadata and controls

Users always pay higher fees in EthosVouch.sol

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation