Vanguard
First Flight #56
Beginner FriendlyDeFiFoundry
0 EXP
View all submissions
Previous Next
Submission Details
Impact: low
Likelihood: high

`totalPenaltyFeesCollected` state variable is never updated

Author Revealed upon completion

totalPenaltyFeesCollected state variable is never updated

Description

The TokenLaunchHook declares a state variable totalPenaltyFeesCollected intended to track the cumulative amount of penalty fees levied by the hook during the launch phases.

However, the variable is never updated within the _beforeSwap function or any other part of the contract logic. Even when applyPenalty is true and a penalty fee override is returned to the PoolManager, the counter remains at its initial value of 0.

// src/TokenLaunchHook.sol
uint24 feeOverride = 0;
if (applyPenalty) {
@> feeOverride = uint24((phasePenaltyBps * 100));
// Missing: totalPenaltyFeesCollected increment logic
}

Risk

Likelihood:

  • The logic to update the variable is entirely missing from the source code.

Impact:

  • Low. It doesn't lead to a loss of funds

Proof of Concept

function test_Bug_TotalPenaltyFeesNotUpdated() public {
// Setup: Force a penalty
// User swaps once to set cooldown
vm.deal(user1, 1 ether);
vm.startPrank(user1);
SwapParams memory params = SwapParams({
zeroForOne: true,
amountSpecified: -0.001 ether,
sqrtPriceLimitX96: TickMath.MIN_SQRT_PRICE + 1
});
swapRouter.swap{value: 0.001 ether}(key, params, PoolSwapTest.TestSettings({takeClaims: false, settleUsingBurn: false}), ZERO_BYTES);
// Verify initial state is 0
assertEq(antiBotHook.totalPenaltyFeesCollected(), 0, "Initial penalty fees should be 0");
// User swaps AGAIN immediately (triggering penalty)
swapRouter.swap{value: 0.001 ether}(key, params, PoolSwapTest.TestSettings({takeClaims: false, settleUsingBurn: false}), ZERO_BYTES);
// Verify penalty fees collected is STILL 0
assertEq(antiBotHook.totalPenaltyFeesCollected(), 0, "BUG: totalPenaltyFeesCollected was not updated despite penalty applied");
vm.stopPrank();
}

Recommended Mitigation

if (applyPenalty) {
feeOverride = uint24((phasePenaltyBps * 100));
+ totalPenaltyFeesCollected += (swapAmount * phasePenaltyBps) / 10000;
}

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!