Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Minato7namikazi - Missing Harberger Fee Deduction in CollectionToken.mint #781

Open
sherlock-admin4 opened this issue Sep 15, 2024 · 0 comments
Open

Minato7namikazi - Missing Harberger Fee Deduction in CollectionToken.mint #781

sherlock-admin4 opened this issue Sep 15, 2024 · 0 comments

Comments

@sherlock-admin4
Copy link
Contributor

sherlock-admin4 commented Sep 15, 2024
edited by sherlock-admin2
Loading

Minato7namikazi

High

Missing Harberger Fee Deduction in CollectionToken.mint

Summary

Bug Report: Harberger Fees Not Deducted During Liquid Listing

1. Bug Title: Missing Harberger Fee Deduction in CollectionToken.mint

2. Trigger Condition:

This bug is triggered whenever a user creates a Liquid Listing for an NFT. The CollectionToken contract, responsible for minting the fungible representation (ƒ tokens) of the listed NFT, does not deduct the pre-paid Harberger Fees as specified in the whitepaper.

3. PoC Flow:

  1. User Lists NFT: A user initiates a Liquid Listing for a non-floor NFT, setting a desired floor multiple (redemption price).
  2. CollectionToken.mint Called: The platform calls the CollectionToken.mint function to issue ƒ tokens to the user representing the initial liquidity received for the listing (equivalent to one floor NFT).
  3. No Fee Deduction: The mint function in CollectionToken.sol unconditionally mints the full _amount of ƒ tokens to the user without deducting any pre-paid Harberger Fees.

4. Impact:

  • Free Liquidity Exploitation: Users can list their NFTs at extremely inflated prices while still receiving the full amount of floor tokens (1 ƒ token), effectively obtaining free and unbacked liquidity.
  • ƒ Token Depegging: The unchecked minting of ƒ tokens without proper fee deduction dilutes their value and leads to a disconnect between the token price and the actual market value of the underlying NFTs.
  • Unhealthy Listing Ecosystem: Incentivizes manipulative listings with exorbitant redemption prices, hindering legitimate trading and "Trade-Up" opportunities.
  • Protocol Sustainability Threat: Undermines the core value proposition of the Harberger Fee model, which is designed to encourage fair pricing and discourage price manipulation.

5. Code Snippet: CollectionToken.mint:

/**
 * Allows our creating contract to mint additional ERC20 tokens when required.
 *
 * @param _to The recipient of the minted token
 * @param _amount The number of tokens to mint
 */
function mint(address _to, uint _amount) public onlyOwner {
    if (_to == address(0)) revert MintAddressIsZero();
    _mint(_to, _amount); // <--- Full amount minted without fee deduction 
}

Recommendation:

Modify the CollectionToken.mint function to first calculate and deduct the pre-paid Harberger Fee from the total _amount before minting the remaining amount of ƒ tokens to the user. This modification will ensure that users pay the required interest on their listings, promoting fair pricing and a robust ecosystem.

Root Cause

No response

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

No response

PoC

No response

Mitigation

No response
@sherlock-admin2 sherlock-admin2 changed the title Rough Corduroy Eagle - Missing Harberger Fee Deduction in CollectionToken.mint Minato7namikazi - Missing Harberger Fee Deduction in CollectionToken.mint Oct 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin4