Unabilty to update fee types 6 and 7 in `FeeCollector`
Summary
The FeeCollector contract contains an inconsistency between the initialization of fee types 6 and 7 and the validation logic in the updateFeeType function. While the initial values for these fee types sum to 2000, the update function requires all fee shares to sum to BASIS_POINTS (10000).
Vulnerability Details
In the _initializeFeeTypes function, fee types 6 and 7 are initialized with shares that sum to 2000, which is actually 20% and not 2%:
However, in the updateFeeType function, there's a validation check that requires the sum of all shares to equal BASIS_POINTS (10000):
This means that even though fee types 6 and 7 are initialized with valid business logic , they cannot be updated using the updateFeeType function.
Impact
Due to this limitation it's impossible to update fee types 6 and 7 using the updateFeeType function, as any attempt will revert InvalidDistributionParams because of the validation check.
Recommendations
Consider modifying the updateFeeType function to apply different validation rules for different fee types (for fee types 6 and 7 to check if the shares add up to 2000)
Lead Judging Commences
Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points, this leads to update problems, moreover they are 10x the specifications
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.