Witty Clear Grasshopper
Medium
user can send numa without paying fee by send small amount .
there is a fee set by numa so when user send numa they had to pay some fee, however a user can send numa without paying any fee due to division in the _transferWithFee function result in rounding down to zero.
function _transferWithFee(
address from,
address to,
uint256 amount,
uint256 fee
) internal virtual {
//@audit user can bypass pay fee by send small amount
uint256 amountToBurn = (amount * fee) / 10000;
amount -= amountToBurn;
_burn(from, amountToBurn);
super._transfer(from, to, amount);
}let assume the fee is 1% ~ 100 in bps and amount is 99.
uint256 amountToBurn = (amount * fee) / 10000;
amountToBurn = (99*100)/ 10000 = 0.99
but in solidity using chisel
➜ (uint256(99) * uint256(100) )/ 10000
Type: uint256
├ Hex: 0x0
├ Hex (full word): 0x0
└ Decimal: 0admin set fee to 1%
user send any amount that will result in rounding down to zero.
user want to send 1000 numa ,
fee is 1% when user send all the 1000 numa the final amount user will end with is 990.
a user will send 99 numa 10 times then send 10 numa total 1000 numa so he will not pay any fee.
lose of fee for the protocol.
No response
revert if the fee > 0 and amountToBurn is equal to 0.