Submission Details
Severity:
The colleted fees should be processed when updating fee type.
Summary
The collect fees is not processed when updating fee types.
Vulnerability Details
The collect fees is not processed when updating fee types.
https://github.com/Cyfrin/2025-02-raac/blob/main/contracts/core/collectors/Treasury.sol#L220-L231
function updateFeeType(uint8 feeType, FeeType calldata newFee) external override {
if (!hasRole(FEE_MANAGER_ROLE, msg.sender)) revert UnauthorizedCaller();
if (feeType > 7) revert InvalidFeeType();
// Validate fee shares total to 100%
if (newFee.veRAACShare + newFee.burnShare + newFee.repairShare + newFee.treasuryShare != BASIS_POINTS) {
revert InvalidDistributionParams();
}
feeTypes[feeType] = newFee;
emit FeeTypeUpdated(feeType, newFee);
}
As a result, the already collected fees are also distributed according to the updated fee types.
Impact
When updating a fee type, the already collected fees are also distributed according to the updated fee types.
Recommendations
The colleted fees should be processed when updating fee type.
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
FeeCollector::updateFeeType applies new distribution parameters retroactively to already collected fees, allowing governance to change expected distribution outcomes before execution
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
FeeCollector::updateFeeType applies new distribution parameters retroactively to already collected fees, allowing governance to change expected distribution outcomes before execution
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.