Fee Type 6 and 7 are expected to be 2% but they are 20%
Vulnerability Details
At FeeController::_initializeFeeTypes() we can see that fee types with index 6 and 7 are meant to have only a total sum of 2%.
Yet they have a total sum of 20% each, see here. This is because BASIS_POINTS == 10_000 == 100%, thus 20% == 2_000. Precisely what they add up to:
Impact
The tax will be x10 higher than expected for the Buy/Sell Swap Tax and NFT Royalty Fees fee types.
This affects the distributeCollectedFees()::_calculateDistribution() which uses the feeTypes state, distributing more fees than it should to the swap tax (index number 6) and NFT royalty fees (index number 7).
Recommendations
Divide by 10 each of the initialization values on the FeeController::_initializeFeeTypes() function to have a total sum of 2% for each of the fee types:
Lead Judging Commences
Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points, this leads to update problems, moreover they are 10x the specifications
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.