Missing Performance Fee Distribution in GaugeController::distributeRevenue Function
Summary
The distributeRevenue function is designed to allocate revenue to different stakeholders. It splits the provided amount into:
80% allocated to
veRAACholders (veRAACShare)20% allocated as a performance fee (
performanceShare)
However, the function only distributes the veRAACShare to the respective gauges and completely ignores the performanceShare allocation. This results in the performance fee remaining unallocated, which contradicts the intended behavior.
Vulnerability Details
The function calculates performanceShare = 20% of amount, but does nothing with it. The performanceShare remains unallocated, potentially causing fund mismanagement if untracked.
Since performanceShare is not explicitly distributed or stored in a trackable variable, these funds may remain stuck in the contract without a retrieval mechanism.
The event RevenueDistributed(gaugeType, amount, veRAACShare, performanceShare); is emitted, misleading observers into believing that the performance fee has been allocated, when in reality, it has not been handled.
Impact
Users relying on fee distributions may be impacted, as stakeholders expecting performance fees will not receive them.
Tools Used
Manual Review
Recommendations
Modify the distributeRevenue function to properly allocate the performance fee to an appropriate recipient.
Lead Judging Commences
GaugeController.distributeRevenue calculates 20% performance fee but never transfers or allocates it to any recipient, causing loss of funds
GaugeController.distributeRevenue calculates 20% performance fee but never transfers or allocates it to any recipient, causing loss of funds
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.