Missing Performance Share Distribution
Summary
The distributeRevenue function's implementation incorrectly handles the 20% performance share calculation. While the share is calculated, the function fails to properly distribute or allocate these funds, leading to potential fund mismanagement.
Vulnerability Details
The code calculates but does not distribute the performance share:
After this calculation, the function:
Only distributes the veRACC share (80%)
Leaves the performance share (20%) unhandled
Creates no allocation or transfer mechanism for the calculated amount
Impact
Performance share funds remain trapped in the contract
Intended recipients (treasury, developers, etc.) do not receive allocated funds
Reduced transparency in revenue distribution process
Tools Used
Manual code review
Recommendations
Implement transfer functionality for the performance share
Add dedicated tracking variable for performance share accounting
Lead Judging Commences
GaugeController.distributeRevenue calculates 20% performance fee but never transfers or allocates it to any recipient, causing loss of funds
GaugeController.distributeRevenue calculates 20% performance fee but never transfers or allocates it to any recipient, causing loss of funds
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.