Submission Details
Severity:
The `FeeCollector:_processDistributions` function reverts if contract balance is lower than total fees, wich will always be true because when the `FeeCollector:collectFee` transfer the `RAACToken`, fees are applied.
Description:
The `FeeCollector:_processDistributions` function check if the contract balance is lower than totalFees, statement that will always be true because when fees are collect by the `FeeCollector`, using the `FeeCollector:collectFees` function, fees are charge to the transfer from `msg.sender` to the `FeeCollector` contract.
Impact:
The `FeeCollector:_processDistributions` function will always revert and fees are going to be blocked in this contract unless a external address transfer enough RAACToken to make this statement false.
Proof of Concept:
<details><summary>Proof of Code</summary>
**Here are the steps to run the Foundry PoC:**
1. Open the `linux terminal`, `wsl` in windows.
2. `nomicfoundation` installation:
- If you have `npm` installed run this command:
- `npm install --save-dev @nomicfoundation/hardhat-foundry`
- If you have `yarn` installed run this command:
- `yarn add --dev @nomicfoundation/hardhat-foundry`
- If you have `pnpm` installed run this command:
- `pnpm add --save-dev @nomicfoundation/hardhat-foundry`
3. open the `hardhat.config.cjs`
- Paste this at the begining of the code:
- `require("@nomicfoundation/hardhat-foundry");`
4. run `npx hardhat init-foundry`
- This task will create a `foundry.toml` file with the right configuration and install `forge-std`
5. In the `test/` forlder create a new folder called `ProofOfCodes`
6. In this `test/ProofOfCodes` folder create a new file and paste the following code
7. To run the test you should run `forge test --mt test_cantDistributeCollectedFees -vvvv`
```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
import {Test,console2} from "lib/forge-std/src/Test.sol";
import {DebtToken} from "contracts/core/tokens/DebtToken.sol";
import {RAACToken} from "contracts/core/tokens/RAACToken.sol";
import {DEToken} from "contracts/core/tokens/DEToken.sol";
import {RToken} from "contracts/core/tokens/RToken.sol";
import {veRAACToken} from "contracts/core/tokens/veRAACToken.sol";
import {FeeCollector, IFeeCollector} from "contracts/core/collectors/FeeCollector.sol";
import {Treasury} from "contracts/core/collectors/Treasury.sol";
contract StabilityPoolPoc is Test {
RAACToken raacToken;
FeeCollector feeCollector;
veRAACToken veRaacToken;
Treasury treasury;
address admin = makeAddr("admin");
address initialOwner = makeAddr("initialOwner");
address repairFund = makeAddr("repairFund");
address minter = makeAddr("minter");
address reciver = makeAddr("reciver");
address user = makeAddr("user");
function setUp() external {
vm.roll(block.number + 100);
vm.warp(block.timestamp + 10 days);
vm.startPrank(initialOwner);
treasury = new Treasury(admin);
raacToken = new RAACToken(initialOwner, 0, 0);
veRaacToken = new veRAACToken(address(raacToken));
feeCollector = new FeeCollector(address(raacToken), address(veRaacToken), address(treasury), repairFund, admin);
raacToken.setMinter(minter);
raacToken.setFeeCollector(address(feeCollector));
vm.stopPrank();
}
function test_cantDistributeCollectedFees() external {
uint256 amount = 10e18;
uint256 duration = 730 days;
vm.startPrank(minter);
raacToken.mint(user,amount);
raacToken.mint(address(this), 100e18);
vm.stopPrank();
assertEq(veRaacToken.balanceOf(user), 0);
vm.startPrank(user);
raacToken.approve(address(veRaacToken), amount);
veRaacToken.lock(amount, duration);
vm.stopPrank();
assert(veRaacToken.balanceOf(user) > 0);
raacToken.approve(address(feeCollector), 100e18);
feeCollector.collectFee(100e18, 0);
vm.prank(admin);
vm.expectRevert(IFeeCollector.InsufficientBalance.selector);
feeCollector.distributeCollectedFees();
}
}
```
</details>
Recommended Mitigation:
- Take into consideration the fees making this validation
- Remove fees in the collect fees funcion.
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.