Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Missing check on COMMISSION_FEE value

sonny2k

Summary

COMMISSION_FEE is used to validate the totalPercentage which the organizer or the owner provide. However, the protocol stated that COMMISSION_FEE can be changed in the future, while there is no check if COMMISSION_FEE is appropriate when deploying the Distributor contract.

uint256 private constant COMMISSION_FEE = 500; // this can be changed in the future

Vulnerability Details

Case 1:

If the COMMISSION_FEE is 0 or very small, the protocol won't have any incentive being the host at all.

Case 2:

If the COMMISSION_FEE is very high or equals to BASIS_POINTS (10000), the winners aka supporters won't receive the right reward, and there is an underflow error when COMMISSION_FEE > BASIS_POINTS as the formula is totalPercentage != (10000 - COMMISSION_FEE).

Impact

In reality, the transaction of distribution will always be reverted as totalPercentage is always != 10000 - COMMISSION_FEE (for example, 9500 != (10000 - 5000)) based on the assumption of the developer thinking that they have deployed the Distributor contract with the right COMMISSION_FEE value. Funds will be stuck unless organizer or owner put the right totalPercentage calculated from the wrong value of COMMISSION_FEE, which will lead to those 2 scenarios above.

// check if totalPercentage is correct

if (totalPercentage != (10000 - COMMISSION_FEE)) {

revert Distributor__MismatchedPercentages();

}

The impact is high but the likelihood is low, so I'm setting this as medium severity.

Tools Used

Manual Analysis

Recommendations

Implement a validation for COMMISSION_FEE value in constructor(), which is > 0 and < the amount whichever the developer wants their fee to be (for example 2000):

...

+ error Distributor__WrongFeeValue();

...

constructor(

// uint256 version, // for future use

address factoryAddress,

address stadiumAddress

)

/* solhint-enable */

{

if (factoryAddress == address(0) || stadiumAddress == address(0)) revert Distributor__NoZeroAddress();

+ if (COMMISSION_FEE < 500 || COMMISSION_FEE > 2000) revert Distributor__WrongFeeValue();

FACTORY_ADDRESS = factoryAddress; // initialize with deployed factory address beforehand

STADIUM_ADDRESS = stadiumAddress; // official address to receive commission fee

}

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!