Zaros Part 2
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

`claimFees` Allows Fee Claims From Paused Vaults

Summary

The `claimFees` function in `FeeDistributionBranch.sol` loads the vault with `Vault.load()` instead of `Vault.loadLive()`, so users can claim fees from a paused vault. This bypasses the vault's pause mechanism, which is meant to halt all vault operations while the vault is paused.

Vulnerability Details

The `claimFees` function uses the basic vault loader, which performs no status validation:

function claimFees(uint128 vaultId) external {
    // Uses basic load without vault status check
@>  Vault.Data storage vault = Vault.load(vaultId);
    bytes32 actorId = bytes32(uint256(uint160(msg.sender)));
    // Checks shares and claims fees
    if (vault.wethRewardDistribution.actor[actorId].shares == 0) {
        revert Errors.NoSharesAvailable();
    }
    UD60x18 amountToClaimX18 = vault.wethRewardDistribution.getActorValueChange(actorId).intoUD60x18();
    if (amountToClaimX18.isZero()) {
        revert Errors.NoFeesToClaim();
    }
    // Updates distribution state and transfers WETH
    vault.wethRewardDistribution.accumulateActor(actorId);
    address weth = MarketMakingEngineConfiguration.load().weth;
    // ... WETH transfer logic
}

The issue arises because:

  1. `Vault.load()` is used, which does not check the vault status.

  2. Fees can therefore be claimed even when the vault is paused.

  3. This contradicts the vault's pause mechanism, which should halt all operations.

Impact

Allows fee claims at a time when vault operations should be frozen.

Tools Used

Manual Review

Recommendations

Use `Vault.loadLive()` to enforce proper vault status validation:

function claimFees(uint128 vaultId) external {
-   Vault.Data storage vault = Vault.load(vaultId);
+   Vault.Data storage vault = Vault.loadLive(vaultId);
    bytes32 actorId = bytes32(uint256(uint160(msg.sender)));
    // ...
}
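The following sketch is an added illustration, not Zaros' code: it shows the two loaders side by side so the gate that `loadLive()` adds is visible. The `Vault` library name and the `load`/`loadLive` entry points come from the report; the `Status` enum, the `VaultIsDisabled` error, the storage key string and the `FeeDistributionExample` contract are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative storage library. The status field, error and slot key are
/// assumptions for this example; only the two entry-point names match the report.
library Vault {
    enum Status { Paused, Live } // default (0) is Paused for a fresh vault
    struct Data {
        Status status;
        mapping(address => uint256) shares;
    }

    error VaultIsDisabled(uint128 vaultId);

    /// Plain loader: returns the storage pointer with no status check.
    function load(uint128 vaultId) internal pure returns (Data storage vault) {
        bytes32 slot = keccak256(abi.encode("example.Vault", vaultId)); // constructed key
        assembly { vault.slot := slot }
    }

    /// Same pointer, plus the gate that claimFees bypasses in the report.
    function loadLive(uint128 vaultId) internal view returns (Data storage vault) {
        vault = load(vaultId);
        if (vault.status != Status.Live) revert VaultIsDisabled(vaultId);
    }
}

contract FeeDistributionExample {
    /// Vulnerable pattern: load() lets a paused vault still answer a claim.
    function claimFeesUnchecked(uint128 vaultId) external view returns (uint256) {
        Vault.Data storage vault = Vault.load(vaultId);
        return vault.shares[msg.sender];
    }

    /// Hardened pattern from the recommendation: reverts unless the vault is Live.
    function claimFeesLive(uint128 vaultId) external view returns (uint256) {
        Vault.Data storage vault = Vault.loadLive(vaultId);
        return vault.shares[msg.sender];
    }

    /// Demo-only setters so the two paths can be exercised in a Foundry test.
    function setStatus(uint128 vaultId, Vault.Status s) external {
        Vault.load(vaultId).status = s;
    }

    function setShares(uint128 vaultId, address who, uint256 amount) external {
        Vault.load(vaultId).shares[who] = amount;
    }
}
```

In a Foundry test, `claimFeesUnchecked` returns the caller's shares for a vault whose status was never set to `Live`, while `claimFeesLive` reverts with `VaultIsDisabled` until `setStatus(vaultId, Vault.Status.Live)` is called.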
Updates

Lead Judging Commences

inallhonesty (Lead Judge), 10 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
