Submission Details
Severity:
When distributing the tokens in GaugeController.sol the performanceShares are never updates
Summary
When distributing the tokens in GaugeController.sol the performanceShares are never updates unlike the revenueShares
Vulnerability Details
There are 2 mapping to store the 80% of the protocol fees and 20% for yield products:
/**
* @notice Revenue sharing configuration
* @dev Mappings for protocol fees and performance fees
* revenueShares: Protocol fee shares by gauge type (80% protocol fees)
* performanceFees: Performance fee rates by gauge (20% yield products)
*/
mapping(GaugeType => uint256) public revenueShares; // 80% protocol fees
mapping(address => uint256) public performanceFees; // 20% yield products
When using the distributeRevenue it should update both of the mappings and distribute the Gauges, however it updates only the revenueShares and all of the performance shares are lost.
\
function distributeRevenue(GaugeType gaugeType, uint256 amount) external onlyRole(EMERGENCY_ADMIN) whenNotPaused {
if (amount == 0) revert InvalidAmount();
uint256 veRAACShare = amount * 80 / 100; // 80% to veRAAC holders
uint256 performanceShare = amount * 20 / 100; // 20% performance fee
revenueShares[gaugeType] += veRAACShare;
//@audit performanceFees are not updates;
_distributeToGauges(gaugeType, veRAACShare);
emit RevenueDistributed(gaugeType, amount, veRAACShare, performanceShare);
}
Impact
performance shares are all lost
Tools Used
Recommendations
update the performanceFees mapping like the revenueShares
Updates
Lead Judging Commences
inallhonesty about 2 months ago
Submission Judgement Published Assigned finding tags:
GaugeController.distributeRevenue calculates 20% performance fee but never transfers or allocates it to any recipient, causing loss of funds
inallhonesty about 2 months ago
Submission Judgement Published Assigned finding tags:
GaugeController.distributeRevenue calculates 20% performance fee but never transfers or allocates it to any recipient, causing loss of funds
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.