Submission Details
Severity:
FeeCollector contract can be left in a broken state if fees increase for a fee type
Summary
FeeCollector contract can be left in a broken state if fees increase for a fee type
Vulnerability Details
When admin increases the fees for a type, it stores it in a mapping. The problem with this approach is that it doesnt track anywhere the historical changes. If the new fees are larger than the previous amounts, the contract can be left in a broken state, because rewards calculation will always assume that fee type amount was always the same during the whole collection period.
Impact
Contract can be left broken, withdraw and distribution can fail
Tools Used
Manual review
Recommendations
Updates
Lead Judging Commences
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
FeeCollector::updateFeeType applies new distribution parameters retroactively to already collected fees, allowing governance to change expected distribution outcomes before execution
inallhonesty 3 months ago
Submission Judgement Published Assigned finding tags:
FeeCollector::updateFeeType applies new distribution parameters retroactively to already collected fees, allowing governance to change expected distribution outcomes before execution
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.