Core Contracts

Summary

The FeeCollector contract has discrepancies between the specified fee percentages in the Natspec comments and the actual values set in the code. Additionally, the current implementation prevents the admin from updating these fees due to strict validation logic.

Vulnerability Details

1. Incorrect Fee Percentages: According to the Natspec comments, the fees for the Buy/Sell Swap Tax and NFT Royalty Fees should be 0.5% and 1%, respectively. However, the actual values set in the code are:

   • Buy/Sell Swap Tax:

     • veRAACShare: 500 (5%)

     • burnShare: 500 (5%)

     • repairShare: 1000 (10%)

   • NFT Royalty Fees:

     • veRAACShare: 500 (5%)

     • repairShare: 1000 (10%)

     • treasuryShare: 500 (5%)

2. Inability to Update Fees: The updateFeeType function checks if the sum of veRAACShare, burnShare, repairShare, and treasuryShare equals 100% (10000 basis points). If the sum is different, it reverts with the error InvalidDistributionParams(). This strict validation prevents the admin from adjusting the fees to the intended values.

Impact

This vulnerability can lead to confusion and frustration among users and admins, as the actual fee percentages do not match the documented expectations. Additionally, the inability to update the fees can hinder the contract's flexibility and responsiveness to changing requirements.

Recommendations

1. Correct Fee Values: Update the fee values in the code to reflect the intended percentages of 0.5% and 1% as specified in the Natspec comments.

2. Revise Validation Logic: Modify the updateFeeType function to allow for adjustments to the fees while ensuring that the total does not exceed 100%. This could involve implementing a more flexible validation mechanism that accommodates the intended fee structure.