Summary
The _initializeFeeTypes() function in FeeCollector does not correctly initialize feeTypes, leading to incorrect fee allocations.
Vulnerability Details
The issue arises from miscalculations in the allocation of fee shares within the _initializeFeeTypes() function. The basis point parameter is defined as:
uint256 public constant BASIS_POINTS = 10000;
@>1: Performance Fees: 20% from yield products, total ratio 20%, expected distribution ratios are 20% * 60% = 12% and 20% * 40% = 8%, parameters should be 1200, 800
@>2: total ratio 3%, expected ratios are 3% * 50% = 1.5%, 3% * 20% = 0.6%, 3% * 30% = 0.9%, parameters should be: 150, 60, 90
@>3: total ratio 2%, expected ratios are 2% * 25% = 0.5%,2% * 25% = 0.5%,2% * 50% = 1%, the parameters should be:50,50,100
@>4: Total proportion2%, the expected proportions are2% * 25% = 0.5%,2% * 50% = 1%,2% * 25% = 0.5%, the parameters should be:50,100,50
function _initializeFeeTypes() internal {
feeTypes[0] = FeeType({
veRAACShare: 8000,
burnShare: 0,
repairShare: 0,
treasuryShare: 2000
});
feeTypes[1] = FeeType({
veRAACShare: 7000,
burnShare: 0,
repairShare: 0,
treasuryShare: 3000
});
@>1
feeTypes[2] = FeeType({
@>1 veRAACShare: 6000,
burnShare: 0,
repairShare: 0,
@>1 treasuryShare: 4000
});
@>2
feeTypes[3] = FeeType({
@>2 veRAACShare: 5000,
burnShare: 0,
@>2 repairShare: 2000,
@>2 treasuryShare: 3000
});
feeTypes[4] = FeeType({
veRAACShare: 6000,
burnShare: 0,
repairShare: 2000,
treasuryShare: 2000
});
feeTypes[5] = FeeType({
veRAACShare: 7000,
burnShare: 0,
repairShare: 0,
treasuryShare: 3000
});
@>3
feeTypes[6] = FeeType({
@>3 veRAACShare: 500,
@>3 burnShare: 500,
@>3 repairShare: 1000,
treasuryShare: 0
});
@>4
feeTypes[7] = FeeType({
@>4 veRAACShare: 500,
burnShare: 0,
@>4 repairShare: 1000,
@>4 treasuryShare: 500
});
}
Impact
The incorrect initialization of feeTypes results in improper fee allocations, potentially leading to financial discrepancies and losses for project participants.
Tools Used
Manual Review
Recommendations
Ensure feeTypes is initialized with the correct parameters as follows:
function _initializeFeeTypes() internal {
// Protocol Fees: 80% to veRAAC holders, 20% to treasury
feeTypes[0] = FeeType({
veRAACShare: 8000, // 80%
burnShare: 0,
repairShare: 0,
treasuryShare: 2000 // 20%
});
// Lending Fees: Interest income distribution
feeTypes[1] = FeeType({
veRAACShare: 7000, // 70%
burnShare: 0,
repairShare: 0,
treasuryShare: 3000 // 30%
});
// Performance Fees: 20% from yield products
feeTypes[2] = FeeType({
- veRAACShare: 6000, // 60%
+ veRAACShare: 1200, // 20% * 60%
burnShare: 0,
repairShare: 0,
- treasuryShare: 4000 // 40%
+ treasuryShare: 800 // 20% * 40%
});
// Insurance Fees: 3% from NFT loans
feeTypes[3] = FeeType({
- veRAACShare: 5000, // 50%
+ veRAACShare: 150, // 50%
burnShare: 0,
- repairShare: 2000, // 20%
+ repairShare: 60, // 20%
- treasuryShare: 3000 // 30%
+ treasuryShare: 90 // 30%
});
// Mint/Redeem Fees
feeTypes[4] = FeeType({
veRAACShare: 6000, // 60%
burnShare: 0,
repairShare: 2000, // 20%
treasuryShare: 2000 // 20%
});
// Vault Fees
feeTypes[5] = FeeType({
veRAACShare: 7000, // 70%
burnShare: 0,
repairShare: 0,
treasuryShare: 3000 // 30%
});
// Buy/Sell Swap Tax (2% total)
feeTypes[6] = FeeType({
- veRAACShare: 500, // 0.5%
- burnShare: 500, // 0.5%
- repairShare: 1000, // 1.0%
+ veRAACShare: 50, // 0.5%
+ burnShare: 50, // 0.5%
+ repairShare: 100, // 1.0%
treasuryShare: 0
});
// NFT Royalty Fees (2% total)
feeTypes[7] = FeeType({
- veRAACShare: 500, // 0.5%
+ veRAACShare: 50, // 0.5%
burnShare: 0,
- repairShare: 1000, // 1.0%
+ repairShare: 100, // 1.0%
- treasuryShare: 500 // 0.5%
+ treasuryShare: 50 // 0.5%
});
}
