Sparkn

CodeFox Inc.

DeFiFoundryProxy

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

The commission fee verification process has never been initiated.

WhiteRose

Summary

The COMMISSION_FEE value is currently hardcoded. Although this does not trigger any errors as it is not called, it could potentially disrupt functionality in future updates.

Vulnerability Details

The code indicates that the COMMISSION_FEE may be subject to future changes, as mentioned in the documentation for new implementations. However, a potential issue arises if the COMMISSION_FEE exceeds BASIS_POINTS.

In the code snippet:

Distributor.sol#L135 if (totalPercentage != (10000 - COMMISSION_FEE)) {

If a new implementation is launched where COMMISSION_FEE >= BASIS_POINTS, it would cause the distribute function to revert every time. This could potentially disrupt the normal operation of the contract.

Impact

While the current implementation does not present any impact, potential future modifications, as previously discussed, could indeed have implications.

Tools Used

Manual code review

Recommendations

Incorporate a validation check within the _distribute() function to ensure that the COMMISSION_FEE is consistently less than BASIS_POINTS.

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

194

77 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.