Inconsistency in fee distribution #41
Labels
1 (Low Risk)
Assets are not at risk. State handling, function incorrect as to spec, issues with comments
bug
Something isn't working
sponsor acknowledged
Technically the issue is correct, but we're not going to resolve it for XYZ reasons
Handle
csanuragjain
Vulnerability details
Impact
Inconsistent fee disbursal
Proof of Concept
Navigate to contract https://github.com/code-423n4/2021-12-nftx/blob/main/nftx-protocol-v2/contracts/solidity/NFTXSimpleFeeDistributor.sol
Lets see distribute function and assume there are 5 feeReceivers
Assume that distribution to 4 feeReceivers was success and loop is on last feeReceivers
Assume the transfer on last fee receiver was not success and leftover came to be 10. Also lets say currently vault balance for contract is 20.
Now since leftover >0 so full vault balance is calculated and is sent to treasury
Recommended Mitigation Steps
Change the condition
The text was updated successfully, but these errors were encountered: