Submission Details
Severity:
The performance fee calculated in `distributeRevenue` function should be deposited to the `FeeCollector`
Summary
As of right now there is now such call of the FeeCollector::collectFee function, which will lead to funds remaining into the GaugeController during times
of emergency
Vulnerability Details
As can be seen right here such amount is calculated but it is never done anything with:
function distributeRevenue(
GaugeType gaugeType,
uint256 amount
) external onlyRole(EMERGENCY_ADMIN) whenNotPaused {
if (amount == 0) revert InvalidAmount();
uint256 veRAACShare = (amount * 80) / 100; // 80% to veRAAC holders
@> uint256 performanceShare = (amount * 20) / 100; // 20% performance fee
revenueShares[gaugeType] += veRAACShare;
_distributeToGauges(gaugeType, veRAACShare);
emit RevenueDistributed(
gaugeType,
amount,
veRAACShare,
performanceShare
);
}
This can be truly dangerous during emergency times and may less funds to distribute in the FeeCollector
Impact
Less funds for distribution in the FeeCollector and amount of tokens remaining in the GaugeController during emergency
Tools Used
Manual Review
Recommendations
call the FeeCollector::collectFees instead of doing nothing
Updates
Lead Judging Commences
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
GaugeController.distributeRevenue calculates 20% performance fee but never transfers or allocates it to any recipient, causing loss of funds
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
GaugeController.distributeRevenue calculates 20% performance fee but never transfers or allocates it to any recipient, causing loss of funds
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.