In the LSTRewardsSplitter contract, the constructor is missing a critical check to validate that the total fee basis points do not exceed 10000 (100%). While this check is present in the addFee and updateFee functions, it is absent during initialization, leading to a potential risk of incorrect reward allocation.
The constructor of the LSTRewardsSplitter contract does not validate whether the total fee basis points from the _fees array exceed 10000 (100%). This could allow an invalid fee structure to be set during initialization, resulting in reward misallocation.
https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/lstRewardsSplitter/LSTRewardsSplitter.sol#L50-L57
Without validation, total fees could exceed 100%, leading to more rewards being allocated than available. This would break the reward distribution mechanism and result in reward misallocation or contract failure.
Ensure that the total fee basis points do not exceed 10000 (100%) during initialization, similar to the checks in addFee and updateFee.
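One way to apply the recommendation, as an added sketch that is not the project's code. The contract name, the Fee struct layout, the FeesExceedLimit error, the _totalFeesBasisPoints helper and previewSplit are assumptions made for illustration, and access control is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Illustrative sketch only: names and layout are assumptions, not the stake.link source.
contract SplitterSketch {
    struct Fee {
        address receiver;
        uint256 basisPoints;
    }

    error FeesExceedLimit();

    uint256 private constant MAX_TOTAL_BPS = 10000; // 100%

    Fee[] private fees;

    constructor(Fee[] memory _fees) {
        for (uint256 i = 0; i < _fees.length; ++i) {
            fees.push(_fees[i]);
        }
        // The check the finding reports as missing at initialization:
        // same limit, same helper as the later mutation path.
        if (_totalFeesBasisPoints() > MAX_TOTAL_BPS) revert FeesExceedLimit();
    }

    // Mutation path that already enforces the limit (owner-only guard omitted here).
    function addFee(address _receiver, uint256 _feeBasisPoints) external {
        fees.push(Fee(_receiver, _feeBasisPoints));
        if (_totalFeesBasisPoints() > MAX_TOTAL_BPS) revert FeesExceedLimit();
    }

    // Per-receiver amounts for a reward balance. With total <= 10000 bps the
    // amounts can never sum to more than _rewards, so remainder cannot underflow.
    function previewSplit(uint256 _rewards)
        external
        view
        returns (uint256[] memory amounts, uint256 remainder)
    {
        amounts = new uint256[](fees.length);
        remainder = _rewards;
        for (uint256 i = 0; i < fees.length; ++i) {
            amounts[i] = (_rewards * fees[i].basisPoints) / MAX_TOTAL_BPS;
            remainder -= amounts[i]; // could underflow and revert if fees totalled over 100%
        }
    }

    function _totalFeesBasisPoints() private view returns (uint256 total) {
        for (uint256 i = 0; i < fees.length; ++i) {
            total += fees[i].basisPoints;
        }
    }
}
```

Deploying this sketch with fees of 6000 and 5000 basis points reverts with FeesExceedLimit instead of creating a splitter whose allocations exceed the rewards it holds.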