Submission Details
Severity:
Incorrect Fee Type Percentages Due to 10x Multiplier in FeeCollector's Constants
Summary
The FeeCollector::_initializeFeeTypes has hardcoded fee percentages that are 10 times higher than intended, causing excessive fees to be taken from users and incorrect distribution of protocol fees.
Vulnerability Details
In FeeCollector.sol, several fee type values are incorrectly set:
function _initializeFeeTypes() internal {
.
.
.
// Buy/Sell Swap Tax (2% total)
feeTypes[6] = FeeType({
@> veRAACShare: 500, // 0.5%
@> burnShare: 500, // 0.5%
@> repairShare: 1000, // 1.0%
treasuryShare: 0
});
// NFT Royalty Fees (2% total)
feeTypes[7] = FeeType({
@> veRAACShare: 500, // 0.5%
burnShare: 0,
@> repairShare: 1000, // 1.0%
@> treasuryShare: 500 // 0.5%
});
}
These constants represent basis points, where:
100 basis points = 1%
1000 basis points = 10%
Current values are 10x too high
Impact
Users pay 10x more fees than documented and incorrect distribution of protocol fees
Tools Used
Manual review
Recommendations
Correct the fee type constants
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points, this leads to update problems, moreover they are 10x the specifications
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.