Submission Details
Severity:
updateFeeType in feeCollector can be dos
Summary
updateFeeType Validate fee shares total to 100% , however not all type fee shares is equal to 100%,eg: Buy/Sell Swap Tax (2% total) , NFT Royalty Fees (2% total)
Vulnerability Details
function updateFeeType(uint8 feeType, FeeType calldata newFee) external override {//@audit update the fee type not dis old reward.
if (!hasRole(FEE_MANAGER_ROLE, msg.sender)) revert UnauthorizedCaller();
if (feeType > 7) revert InvalidFeeType();
// Validate fee shares total to 100%
if (newFee.veRAACShare + newFee.burnShare + newFee.repairShare + newFee.treasuryShare != BASIS_POINTS) { //@audit not all type eq 10_000
revert InvalidDistributionParams();
}
feeTypes[feeType] = newFee;
emit FeeTypeUpdated(feeType, newFee);
}
From feeCollector updateFeeType we can see there is a validation ensure total fee shares is 100%(10000)
Note that from the default configure:
// Buy/Sell Swap Tax (2% total)
feeTypes[6] = FeeType({
veRAACShare: 500, // 0.5%
burnShare: 500, // 0.5%
repairShare: 1000, // 1.0%
treasuryShare: 0
});
// NFT Royalty Fees (2% total)
feeTypes[7] = FeeType({
veRAACShare: 500, // 0.5%
burnShare: 0,
repairShare: 1000, // 1.0%
treasuryShare: 500 // 0.5%
});
}
both Swap Tax and NFT Royalty Fees is 2%(2_000) , if owner want to modify fee from 2%->3% , above updateFeeType revert due to above check
Impact
dos
Tools Used
Foundry
Recommendations
Only need to check total fee not exceed the max
Updates
Lead Judging Commences
inallhonesty 2 months ago
Submission Judgement Published Assigned finding tags:
Fee shares for fee type 6 and 7 inside FeeCollector do not total up to the expected 10000 basis points, this leads to update problems, moreover they are 10x the specifications
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.