Adding a fee receiver that is not an EOA can revert all the fee distribution functions
In VaultControllerStrategy, adding a fee receiver is implemented in the following way:
Those fees are distributed using the transferAndCallFrom function in the staking pool's update strategy rewards function.
By default, the transferAndCallFrom function calls the fee receiver after sending the funds to the contract, and if the receiver has not implemented the correct callback function, it reverts the whole distribution in the staking pool.
This causes DoS in certain scenarios. The callback function should be implemented in the fee receiver, and adding a fee receiver should check whether that function is implemented.
Manual Review
If the receiver is not an EOA, checking the function implementation in the contract will prevent DoS.
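One way to implement this check, shown as an added example that is not the project's own code: the fee registry probes a contract receiver with a zero-value callback when the fee is added, so an incompatible receiver is rejected up front instead of reverting a later distribution. The `FeeRegistry` contract, its error names and the ERC677-style `onTokenTransfer` callback signature are assumptions; the page does not name the callback.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Assumed ERC677-style callback interface; the page does not name the callback.
interface ITokenReceiver {
    function onTokenTransfer(address sender, uint256 value, bytes calldata data) external;
}

// Hypothetical fee registry for illustration, not the VaultControllerStrategy code.
contract FeeRegistry {
    struct Fee {
        address receiver;
        uint256 basisPoints;
    }

    Fee[] public fees;
    address public immutable owner;

    error NotOwner();
    error ReceiverRejectsCallback(address receiver);

    constructor() {
        owner = msg.sender;
    }

    function addFee(address receiver, uint256 basisPoints) external {
        if (msg.sender != owner) revert NotOwner();

        // An address without code (an EOA) receives no callback, so only
        // contract receivers need to be probed.
        if (receiver.code.length > 0) {
            // Zero-value probe: a contract that lacks the callback (and has no
            // fallback) reverts here, at configuration time, rather than
            // during reward distribution.
            try ITokenReceiver(receiver).onTokenTransfer(address(this), 0, "") {
                // Callback accepted; the receiver can be paid via transfer-and-call.
            } catch {
                revert ReceiverRejectsCallback(receiver);
            }
        }

        fees.push(Fee(receiver, basisPoints));
    }
}
```

A receiver whose callback only accepts calls from the token contract will fail this probe even though it is compatible, so such receivers need a different check, for example an interface query that both sides agree on.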