Incorrect Fee Allocation in `initializeFeeTypes` Function
Summary
The initializeFeeTypes function in the FeeCollector contract sets fee allocations in basis points (bps). However, both the Buy/Sell Swap Tax and NFT Royalty Fees exceed the intended total of 2%, violating the requirement that fee allocations must sum to 2% (200 bps).
Vulnerability Details
The contract uses a 10000 bps system, where 100 bps = 1%. Both fee configurations incorrectly sum to 2000 bps = 20% instead of the required 200 bps = 2%.
Buy/Sell Swap Tax (Incorrect)
NFT Royalty Fees (Incorrect)
Impact
Overcharging Users: Users are charged 20% instead of the intended 2%.
Misallocation of Funds: Stakeholders receive incorrect fund distributions.
Protocol Compliance Risks: Failing to meet stated fee parameters can harm trust and regulatory adherence.
Tools Used
Manual code review and bps-to-percentage calculations.
Recommendations
Update the fee values to ensure they total 200 bps = 2%:
This ensures compliance with the 2% total fee requirement.
Lead Judging Commences
Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points, this leads to update problems, moreover they are 10x the specifications
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.