Submission Details
Severity:
Code and developer code comment are mismatching
Summary
Vulnerability Details
FeeCollector.sol contract code with comment
* @dev Fixed values used in calculations and validations
* - BASIS_POINTS Percentage calculation base (10000 = 100%)
uint256 public constant BASIS_POINTS = 10000;
that means protocol using BIPs, where 1% == 100 Bips so 100% == 100_00 BIPs
Now,
_initializeFeeTypes()has following code lines
// Buy/Sell Swap Tax (2% total)
feeTypes[6] = FeeType({
veRAACShare: 500, // 0.5%
burnShare: 500, // 0.5%
repairShare: 1000, // 1.0%
treasuryShare: 0
});
// NFT Royalty Fees (2% total)
feeTypes[7] = FeeType({
veRAACShare: 500, // 0.5%
burnShare: 0,
repairShare: 1000, // 1.0% // @audit wrong comments
treasuryShare: 500 // 0.5%
});
which is wrong,
Correct value will be
// Buy/Sell Swap Tax (2% total)
feeTypes[6] = FeeType({
veRAACShare: 50, // 0.5%
burnShare: 50, // 0.5%
repairShare: 100, // 1.0%
treasuryShare: 0
});
// NFT Royalty Fees (2% total)
feeTypes[7] = FeeType({
veRAACShare: 50, // 0.5%
burnShare: 0,
repairShare: 100, // 1.0%
treasuryShare: 50 // 0.5%
});
Impact
incorrect calculation, as parameters are wrong.
Tools Used
manual review
Recommendations
Updates
Lead Judging Commences
inallhonesty 2 months ago
Submission Judgement Published Assigned finding tags:
Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points, this leads to update problems, moreover they are 10x the specifications
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.