Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

0xloophole - Incorrect Order of Operations in _commitmentPrice Function #88

Open
sherlock-admin2 opened this issue Sep 13, 2024 · 0 comments
Open

0xloophole - Incorrect Order of Operations in _commitmentPrice Function #88

sherlock-admin2 opened this issue Sep 13, 2024 · 0 comments

Comments

@sherlock-admin2
Copy link

sherlock-admin2 commented Sep 13, 2024
edited by sherlock-admin3
Loading

0xloophole

Medium

Incorrect Order of Operations in _commitmentPrice Function

Summary

The ChainlinkFactory contract includes a _commitmentPrice function used to calculate the commitment price for Chainlink oracle updates. This function applies both a surcharge and a discount to the native quantity to determine the final fee.

Issue Details

The current implementation of the _commitmentPrice function applies the surcharge before the discount. This order of operations leads to higher fees compared to applying the discount first, potentially disadvantaging users.

Code Snippet

function _commitmentPrice(bytes32 underlyingId, uint256 nativeQuantity) internal view returns (uint256) {
    uint256 discount = feeManager.s_subscriberDiscounts(address(this), underlyingId, feeTokenAddress);
    uint256 surchargedFee = Math.ceilDiv(nativeQuantity * (PERCENTAGE_SCALAR + feeManager.s_nativeSurcharge()), PERCENTAGE_SCALAR);
    return Math.ceilDiv(surchargedFee * (PERCENTAGE_SCALAR - discount), PERCENTAGE_SCALAR);
}

Impact

  1. Users are charged higher fees than necessary, especially when discounts are significant.
  2. The fee calculation doesn't align with common pricing practices where discounts are typically applied to the base price before adding surcharges.
  3. This may lead to user dissatisfaction and reduced competitiveness of the service.

Scenario

Consider the following scenario:

  • Native Quantity: 1000
  • Surcharge: 10% (0.1 * PERCENTAGE_SCALAR)
  • Discount: 20% (0.2 * PERCENTAGE_SCALAR)

Current calculation:

  1. Apply surcharge: 1000 * 1.1 = 1100
  2. Apply discount: 1100 * 0.8 = 880

If we reverse the order:

  1. Apply discount: 1000 * 0.8 = 800
  2. Apply surcharge: 800 * 1.1 = 880

In this case, the result is the same, but for larger numbers and different discount/surcharge rates, the difference can be significant.

Proposed Fix

Reverse the order of operations in the _commitmentPrice function:

function _commitmentPrice(bytes32 underlyingId, uint256 nativeQuantity) internal view returns (uint256) {
    uint256 discount = feeManager.s_subscriberDiscounts(address(this), underlyingId, feeTokenAddress);
    uint256 discountedFee = Math.ceilDiv(nativeQuantity * (PERCENTAGE_SCALAR - discount), PERCENTAGE_SCALAR);
    return Math.ceilDiv(discountedFee * (PERCENTAGE_SCALAR + feeManager.s_nativeSurcharge()), PERCENTAGE_SCALAR);
}
@sherlock-admin3 sherlock-admin3 changed the title Crazy Chartreuse Viper - Incorrect Order of Operations in _commitmentPrice Function 0xloophole - Incorrect Order of Operations in _commitmentPrice Function Sep 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin2