In the GaugeController.sol contract, the distributeRevenue function does not check the performance fee and does not verify if there are enough tokens in the controller to distribute, which can lead to potential issues during reward distribution.
The vulnerability arises from the distributeRevenue function, which is responsible for distributing revenue between veToken holders and gauges. The function does not check if the performance fee is correctly calculated and does not verify if there are enough tokens in the controller to cover the distribution. This can lead to situations where the function attempts to distribute more tokens than are available, resulting in failed transactions and potential inconsistencies in the reward distribution process.
The impact of this vulnerability is failed transactions and inconsistencies in the reward distribution process. If the function attempts to distribute more tokens than are available, the transaction fails, leading to user frustration and potential financial discrepancies. This undermines the reliability and stability of the reward distribution mechanism, potentially affecting user trust in the protocol.
Manual Review
To mitigate this vulnerability, update the distributeRevenue function to check the performance fee and verify if there are enough tokens in the controller to cover the distribution.
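One way the two recommended checks could look, as an added sketch that is not the code from GaugeController.sol. The contract name, the basis-point fee with its 20% cap, the owner gate and the accounting variables are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical sketch: names, storage layout and fee model are assumptions,
// not taken from the audited contract.
contract RevenueDistributorSketch {
    uint256 public constant BPS = 10_000;
    uint256 public constant MAX_PERFORMANCE_FEE_BPS = 2_000; // assumed cap

    IERC20 public immutable rewardToken;
    address public immutable owner;
    uint256 public performanceFeeBps;
    uint256 public accruedPerformanceFees; // owed to the fee recipient
    uint256 public pendingHolderRevenue;   // owed to veToken holders and gauges

    error NotOwner();
    error ZeroAmount();
    error FeeTooHigh(uint256 feeBps);
    error InsufficientBalance(uint256 balance, uint256 required);

    constructor(IERC20 token, uint256 feeBps) {
        if (feeBps > MAX_PERFORMANCE_FEE_BPS) revert FeeTooHigh(feeBps);
        rewardToken = token;
        owner = msg.sender;
        performanceFeeBps = feeBps;
    }

    function distributeRevenue(uint256 amount) external {
        if (msg.sender != owner) revert NotOwner();
        if (amount == 0) revert ZeroAmount();

        // Check 1: the fee used for the split must be within its bound.
        uint256 feeBps = performanceFeeBps;
        if (feeBps > MAX_PERFORMANCE_FEE_BPS) revert FeeTooHigh(feeBps);

        // Check 2: the controller must hold the new amount on top of
        // everything it has already committed to pay out.
        uint256 required = accruedPerformanceFees + pendingHolderRevenue + amount;
        uint256 balance = rewardToken.balanceOf(address(this));
        if (balance < required) revert InsufficientBalance(balance, required);

        // Derive the holder share by subtraction so the two parts always
        // sum to `amount` and rounding dust is not lost.
        uint256 fee = (amount * feeBps) / BPS;
        accruedPerformanceFees += fee;
        pendingHolderRevenue += amount - fee;
    }
}
```

With both checks in place, an under-funded distribution reverts up front with an explicit error instead of failing later when rewards are claimed.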