Part 2

Zaros

PerpetualsDEXFoundrySolidity

70,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Incorrect Comparison Operator in FeeConversionKeeper::checkFeeDistributionNeeded Function

josh4324

Summary

The function checkFeeDistributionNeeded is responsible for determining whether the collected fee should be distributed based on a minimum fee distribution threshold (minFeeDistributionValueUsd). The function compares the asset value in USD to this minimum threshold using the > operator:

Vulnerability Details

function checkFeeDistributionNeeded(

address asset,

uint256 collectedFee

)

public

view

returns (bool distributionNeeded)

{

// load keeper data from storage

FeeConversionKeeperStorage storage self = _getFeeConversionKeeperStorage();

/// get asset value in USD

uint256 assetValue = self.marketMakingEngine.getAssetValue(asset, collectedFee);

// if asset value GT min distribution value return true

@> distributionNeeded = assetValue > self.minFeeDistributionValueUsd;

}

This strictly requires the asset value to be greater than the minimum threshold, meaning that if the asset value is exactly equal to the minFeeDistributionValueUsd, the function returns false, preventing the distribution.

The function excludes exact threshold values, causing unnecessary delays in fee distribution.

The function uses > instead of >=, requiring fees to be strictly greater than the minimum threshold.

If the collected fee equals the minimum threshold, distribution will not happen, even though it should.

This can result in fees accumulating in the contract longer than intended, delaying or even blocking distributions indefinitely if fees never exceed the threshold.

Impact

Fees will remain stuck in the contract if they do not exceed the threshold but match it.

Delays in distributing funds to recipients could impact operational efficiency.

If many fees hit the exact threshold but are not processed, it creates inefficiencies and forces keepers to call the function more frequently.

Tools Used

Manual Review

Recommendations

Modify the comparison operator from > to >= to ensure exact threshold values trigger distribution.

function checkFeeDistributionNeeded(

address asset,

uint256 collectedFee

)

public

view

returns (bool distributionNeeded)

{

// load keeper data from storage

FeeConversionKeeperStorage storage self = _getFeeConversionKeeperStorage();

/// get asset value in USD

uint256 assetValue = self.marketMakingEngine.getAssetValue(asset, collectedFee);

// if asset value GT min distribution value return true

- distributionNeeded = assetValue > self.minFeeDistributionValueUsd;

+ distributionNeeded = assetValue >= self.minFeeDistributionValueUsd;

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

70,000 USDC

nSLOC

3,258

21 USDC / LOC

High Medium

66,500

Low

3,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.