Summary
The updateFeeType() function in FeeCollector.sol checks that the shares in newFee add up to 10,000.
However, some fee types are not intended to add up to 10,000, such as the Buy/Sell Swap Tax fee (2%) and the NFT Royalty Fees (2%).
Vulnerability Details
The updateFeeType() function checks that the shares of the new feeType add up to BASIS_POINTS (10,000):
function updateFeeType(uint8 feeType, FeeType calldata newFee) external override {
    if (!hasRole(FEE_MANAGER_ROLE, msg.sender)) revert UnauthorizedCaller();
    if (feeType > 7) revert InvalidFeeType();
    // The four shares must sum to exactly BASIS_POINTS for every fee type.
    if (newFee.veRAACShare + newFee.burnShare + newFee.repairShare + newFee.treasuryShare != BASIS_POINTS) {
        revert InvalidDistributionParams();
    }
    feeTypes[feeType] = newFee;
    emit FeeTypeUpdated(feeType, newFee);
}
While the check works for some feeTypes, _initializeFeeTypes() sets two fee types whose shares do not add up to 10,000:
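// Shares sum to 10,000: passes the check in updateFeeType().
feeTypes[5] = FeeType({
    veRAACShare: 7000,
    burnShare: 0,
    repairShare: 0,
    treasuryShare: 3000
});
// Shares sum to 2,000: fails the check in updateFeeType().
feeTypes[6] = FeeType({
    veRAACShare: 500,
    burnShare: 500,
    repairShare: 1000,
    treasuryShare: 0
});
// Shares sum to 2,000: fails the check in updateFeeType().
feeTypes[7] = FeeType({
    veRAACShare: 500,
    burnShare: 0,
    repairShare: 1000,
    treasuryShare: 500
});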
Impact
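feeTypes[6] and feeTypes[7] cannot be changed appropriately: updateFeeType() reverts with InvalidDistributionParams for any new value whose shares do not add up to 10,000, including values that keep the intended 2% total.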
Tools Used
Manual Review
Recommendations
Ensure that for those two fee types the shares do not need to add up to 100% but must stay below 100%, something like this:
if (feeType < 6) {
    if (newFee.veRAACShare + newFee.burnShare + newFee.repairShare + newFee.treasuryShare != BASIS_POINTS) {
        revert InvalidDistributionParams();
    }
}
if (feeType == 6 || feeType == 7) {
    // These two fee types only need to stay below 100%.
    if (newFee.veRAACShare + newFee.burnShare + newFee.repairShare + newFee.treasuryShare >= BASIS_POINTS) {
        revert InvalidDistributionParams();
    }
}
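The finding can be pinned down as a regression test: the values set by _initializeFeeTypes() should be accepted again by the setter. The Foundry test below is an added example, not code from the project or the original report. FeeTypeModel is a hypothetical stand-in that keeps only the share validation (no role check, range check or event), and the uint256 field types are an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for FeeCollector: only the share validation is modelled.
contract FeeTypeModel {
    struct FeeType { uint256 veRAACShare; uint256 burnShare; uint256 repairShare; uint256 treasuryShare; }
    uint256 public constant BASIS_POINTS = 10_000;
    error InvalidDistributionParams();
    mapping(uint8 => FeeType) public feeTypes;

    function _sum(FeeType calldata f) private pure returns (uint256) {
        return f.veRAACShare + f.burnShare + f.repairShare + f.treasuryShare;
    }

    // Check as shown in updateFeeType(): every fee type must sum to 10,000.
    function updateOriginal(uint8 feeType, FeeType calldata newFee) external {
        if (_sum(newFee) != BASIS_POINTS) revert InvalidDistributionParams();
        feeTypes[feeType] = newFee;
    }

    // Check as recommended: types 6 and 7 only need to stay below 10,000.
    function updateRecommended(uint8 feeType, FeeType calldata newFee) external {
        uint256 total = _sum(newFee);
        if (feeType < 6 && total != BASIS_POINTS) revert InvalidDistributionParams();
        if (feeType >= 6 && total >= BASIS_POINTS) revert InvalidDistributionParams();
        feeTypes[feeType] = newFee;
    }
}

contract FeeTypeUpdateTest is Test {
    FeeTypeModel model = new FeeTypeModel();

    function test_setterAcceptsInitializerValues() public {
        // Values copied from _initializeFeeTypes() for feeTypes[6] and feeTypes[7].
        FeeTypeModel.FeeType memory type6 = FeeTypeModel.FeeType(500, 500, 1000, 0);
        FeeTypeModel.FeeType memory type7 = FeeTypeModel.FeeType(500, 0, 1000, 500);
        // Original check: re-submitting the initial values reverts.
        vm.expectRevert(FeeTypeModel.InvalidDistributionParams.selector);
        model.updateOriginal(6, type6);
        vm.expectRevert(FeeTypeModel.InvalidDistributionParams.selector);
        model.updateOriginal(7, type7);
        // Recommended check: the same values are accepted and stored.
        model.updateRecommended(6, type6);
        model.updateRecommended(7, type7);
        (,, uint256 repair,) = model.feeTypes(7);
        assertEq(repair, 1000);
    }
}
```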