The Standard

DeFiHardhat

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

Users with Negligible TST Holdings Might Not Receive Their Share of EUROs Fees

daniel526

Summary

The fee distribution mechanism in the provided Solidity contract may result in perceived unfairness, especially for users with negligible TST holdings. The distribution is proportional to users' TST holdings relative to the total, potentially leading to extremely small or negligible EUROs fee allocations for users with minimal contributions.

Vulnerability Details

In the distributeFees function, the EUROs fees are distributed among users based on the proportion of their TST holdings to the total TST holdings. Here is the relevant code snippet:

function distributeFees(uint256 _amount) external onlyManager {

uint256 tstTotal = getTstTotal();

if (tstTotal > 0) {

IERC20(EUROs).safeTransferFrom(msg.sender, address(this), _amount);

for (uint256 i = 0; i < holders.length; i++) {

address _holder = holders[i];

positions[_holder].EUROs += _amount * positions[_holder].TST / tstTotal;

}

for (uint256 i = 0; i < pendingStakes.length; i++) {

pendingStakes[i].EUROs += _amount * pendingStakes[i].TST / tstTotal;

}

The EUROs fees are distributed based on the proportion of a user's TST holdings to the total TST holdings.
Users with negligible TST holdings may receive extremely small or no EUROs fees.

Impact

Users with negligible TST holdings might perceive the fee distribution as unfair, potentially leading to dissatisfaction and trust issues with the protocol.

Tools Used

Manual

Recommendations

Consider implementing a minimum threshold or alternative distribution model that ensures users with very small TST holdings are either ineligible for fee distribution or receive a more equitable share.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

precision-distributeFees

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

precision-distributeFees

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

609

33 USDC / LOC

High Medium

17,500 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.