F-2025-0003·missing-zero-check

Zero-Value Fee Transfers Can Revert

Acknowledgedescrowpaymentserc-20
TL;DR

Some ERC-20 tokens (like LEND) revert on zero-value transfers. The contract attempts the fee transfer without checking whether the fee amount is zero, blocking very small payments.

Severity
LOW
Impact
LOW
Likelihood
MEDIUM
Method
MManual review
CAT.
Complexity
LOW
Exploitability
LOW
02Section · Description

Description

Some ERC-20 tokens (like LEND) revert on zero-value transfers. The contract doesn't check if the fee amount is zero before attempting the transfer:

solidity
function _createERC20Payment(...) internal {
    (uint256 feeAmount, uint256 paymentAmount) = _processFee(amount);
    // feeAmount could be 0 for very small payments
    SafeERC20.safeTransfer(token, feeRecipient, feeAmount);
}
03Section · Impact

Impact

  • Payments with very small amounts where fee rounds to zero will revert.
  • Users cannot create small payments.
  • Wastes gas on failed transactions.
  • Poor user experience.
04Section · Recommendation

Recommendation

The recommended approach is to add a zero-check in the function before transfer:

solidity
function _createERC20Payment(...) internal {
    (uint256 feeAmount, uint256 paymentAmount) = _processFee(amount);
    if (feeAmount > 0) {
        SafeERC20.safeTransfer(token, feeRecipient, feeAmount);
    }
}
ZEALYNX SECURITY · published 2025-05-08
F-2025-0003

oog
zealynx

Smart Contract Security Digest

Monthly exploit breakdowns, audit checklists, and DeFi security research — straight to your inbox

REQUEST AN AUDIT

Quick Links

Services

Company

Resources

© 2026 Zealynx