Performance share is not distributed in `distributeRevenue()` function
Summary
In GaugeController.sol, emergency admin can call distributeRevenue()function whereby 80% of the amount is distributed to veRAAC holders, while the remaining 20% is attributed to the performance fee. However, the 20% is not distributed anywhere.
Vulnerability Details
As seen in the function above, veRAACshare is calculated to define the amount to be distributed to veRAAC holders and then used to update the accounting in revenueShares mapping. Then, the veRAACShare is distributed to the gauges via _distributeToGauges().
-
The calculated performanceShare is not used to update the existing performanceFees mapping as defined in the contract:
mapping(address => uint256) public performanceFees; // 20% yield products -
There is no handling of the perfomanceShare being actually distributed at all.
Impact
Performance shares are never distributed to gauges, breaking core functionality of the protocol.
Tools Used
Manual
Recommendations
Ensure that performanceShare is distributed to gauge and accounting done for performanceFees mapping.
Lead Judging Commences
GaugeController.distributeRevenue calculates 20% performance fee but never transfers or allocates it to any recipient, causing loss of funds
GaugeController.distributeRevenue calculates 20% performance fee but never transfers or allocates it to any recipient, causing loss of funds
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.