Submission Details
Severity:
Performance share is not distributed to veRAAC holders in `GaugeController.sol::distributeRevenue()`.
Summary
Contract - GaugeController.sol
The performanceShare to be distributed to all veRAAC holder. but it's not happening in current implementation of distributeRevenue() function.
/**
* @notice Distributes revenue between veToken holders and gauges
* @dev Only callable by emergency admin
* @param gaugeType Type of gauge for distribution
* @param amount Amount to distribute
*/
function distributeRevenue(
GaugeType gaugeType,
uint256 amount
) external onlyRole(EMERGENCY_ADMIN) whenNotPaused {
if (amount == 0) revert InvalidAmount();
uint256 veRAACShare = amount * 80 / 100; // 80% to veRAAC holders
uint256 performanceShare = amount * 20 / 100; // 20% performance fee
revenueShares[gaugeType] += veRAACShare;
_distributeToGauges(gaugeType, veRAACShare);
emit RevenueDistributed(gaugeType, amount, veRAACShare, performanceShare);
}
Vulnerability Details
veRAAC holder not receiving performance shares.
Impact
Bad reputation to protocol as it's not doing what it supposed to do.
Loss of funds to users (as they are not receiving performance share).
Tools Used
Manual
Recommendations
Distribute performance share to all veRAAC holders.
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
GaugeController.distributeRevenue calculates 20% performance fee but never transfers or allocates it to any recipient, causing loss of funds
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
GaugeController.distributeRevenue calculates 20% performance fee but never transfers or allocates it to any recipient, causing loss of funds
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.