Certain feeType values are wrong and cannot be updated
Summary
In FeeCollector.sol certain feeType values are wrong and cannot be updated resulting in collecting more fees than stated in the natspec.
Vulnerability Details
In the function FeeCollector::_initializeFeeTypes Buy/Sell Swap Tax and NFT Royalty Fees are both supposed to sum up to 2%. Given that the protocol uses the basis points, used fee values are incorrect:
Additionally, the following check does not enforce the sum correctly for these feeTypes :
The check above makes it impossible to modify incorrectly initialized fee values, making them permanent.
Impact
Beyond the straightforward impact of collecting excess fees, the following checker prevents modifying the incorrectly initialized feeType structure, as all shares must sum up to 100%. Therefore, the initial fee type values remain fixed, causing a collection of 10x higher fees than intended.
Recommendations
To mitigate this issue modify the fee values to match the comments ( remove one zero ) in _initializeFeeTypes function and implement necessary logic in the updateFeeType function to support different sums than 100%.
Lead Judging Commences
Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points, this leads to update problems, moreover they are 10x the specifications
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.