In the MarketMakingEngineConfigurationBranch::configureFeeRecipient
function, the calculation of totalFeeRecipientsShares
is flawed as it adds the new share without first subtracting the old share. This can lead to exceeding the maximum fee share limit, causing unnecessary reverts when updating the shares of an existing fee recipient.
In the code, the total fee recipient shares are computed by adding the new share to the total without accounting for the existing share. This incorrect comparison can trigger the FeeRecipientShareExceedsLimit
error, even if the total shares would remain within the allowed limit after the update.
Add the following test case to test/integration/market-making/market-making-engine-configuration-branch/configureFeeRecipient/configureFeeRecipient.t.sol
to demonstrate the vulnerability.
In this test, we create two fee recipients, each assigned a 50% share. Then, when attempting to reduce the share of the first fee recipient to 10%, the transaction will revert.
The vulnerability causes the system to potentially revert with the FeeRecipientShareExceedsLimit
error when attempting to update a fee recipient's share, even if the new share would not push the total over the maximum limit. This could disrupt operations and prevent legitimate fee recipient updates.
Manual code review.
To fix the issue, subtract the old share from the total fee recipient shares before adding the new share. This will ensure the updated total is correctly calculated and prevent unnecessary reverts.
Corrected code:
This adjustment ensures the fee recipient share update is valid and avoids exceeding the maximum configurable limit.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.