# Incorrect Calculation Logic *** ## Issue from Incorrect priceMarkUp Range When using `priceMarkup`, it's important to carefully consider who bears the cost of any discount. Be mindful of scenarios where other users or the paymaster may be unfairly burdened. Example Case: If the `priceMarkUp` is too low (discount), only certain users may benefit from the reduced gas fees, while other users may be unable to access the amount they have deposited.

* Mitigation: The range of `priceMarkUp` should be restricted to ensure it does not negatively impact the protocol. {% code overflow="wrap" %} ```solidity require(_tokenPaymasterConfig.priceMarkup <= 2 * PRICE_DENOMINATOR, "TPM: price markup too high"); require(_tokenPaymasterConfig.priceMarkup >= PRICE_DENOMINATOR, "TPM: price markup too low"); ``` {% endcode %} *** ## Overflow/Underflow Risk with Unchecked Operations When using `unchecked` blocks to save gas, be cautious of overflow/underflow risks, especially when performing calculations with sensitive variables or user-supplied parameters. Example Case: If a user `withdraws` all their `deposit` while their `userOperation` is waiting in the mempool after the first validation, an underflow could occur in the gas payment process due to an `unchecked` code block. Following this process, the user’s `deposit` approaches the maximum value, allowing them to potentially `withdraw` all of the Paymaster’s funds.

* Mitigation: A conditional statement should be used to compare the two values before performing the actual calculation to ensure that such issues do not occur. ```solidity if (requiredGasCost > deposits[user]){ revert("deposit too low"); } ```