Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: low
Invalid

_totalFeesBasisPoints is not checked in the constructor in LSTRewardsSplitter.sol

Summary

The total fees in LSTRewardsSplitter.sol must not exceed 10000. The check _totalFeesBasisPoints() > 10000 is present in updateFee() and addFee() but is missing from the constructor.

Vulnerability Details

addFee() in LSTRewardsSplitter.sol checks whether the total fees are above 10000.

    function addFee(address _receiver, uint256 _feeBasisPoints) external onlyOwner {
        fees.push(Fee(_receiver, _feeBasisPoints));
        if (_totalFeesBasisPoints() > 10000) revert FeesExceedLimit();
    }

It is not checked in the constructor:

    constructor(address _lst, Fee[] memory _fees, address _owner) {
        controller = ILSTRewardsSplitterController(msg.sender);
        lst = IERC677(_lst);
        for (uint256 i = 0; i < _fees.length; ++i) {
            fees.push(_fees[i]); // <-- fees are pushed with no total check
        }
        _transferOwnership(_owner);
    }

    modifier onlyController() {
        if (msg.sender != address(controller)) revert SenderNotAuthorized();
        _;
    }

Impact

Fees can be set above 10000.

Tools Used

Manual Review

Recommendations

Add if (_totalFeesBasisPoints() > 10000) revert FeesExceedLimit(); in the constructor.
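
The recommended constructor check, as an added stand-alone sketch that is not the Stakelink source. The contract name FeeListSketch, the Fee field names, the MAX_TOTAL_BASIS_POINTS constant and the body of _totalFeesBasisPoints() are assumptions, since the page shows none of them; access control and the lst/controller state are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added example: a reduced model of the fee list, not the project's contract.
contract FeeListSketch {
    // Field names are assumed; the page only shows Fee(_receiver, _feeBasisPoints).
    struct Fee {
        address receiver;
        uint256 basisPoints;
    }

    // Assumed constant standing in for the literal 10000 used on the page.
    uint256 private constant MAX_TOTAL_BASIS_POINTS = 10000;

    Fee[] private fees;

    error FeesExceedLimit();

    // Same loop as the quoted constructor, followed by the check that
    // addFee() already performs. A deployment whose initial fee list sums
    // above the limit now reverts instead of succeeding.
    constructor(Fee[] memory _fees) {
        for (uint256 i = 0; i < _fees.length; ++i) {
            fees.push(_fees[i]);
        }
        if (_totalFeesBasisPoints() > MAX_TOTAL_BASIS_POINTS) revert FeesExceedLimit();
    }

    // Mirrors the quoted addFee(); the onlyOwner modifier is omitted here.
    function addFee(address _receiver, uint256 _feeBasisPoints) external {
        fees.push(Fee(_receiver, _feeBasisPoints));
        if (_totalFeesBasisPoints() > MAX_TOTAL_BASIS_POINTS) revert FeesExceedLimit();
    }

    // Assumed body: the page names this helper but does not show it.
    function _totalFeesBasisPoints() private view returns (uint256 total) {
        for (uint256 i = 0; i < fees.length; ++i) {
            total += fees[i].basisPoints;
        }
    }
}
```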

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
