Omniscia Euler Finance Audit
Fee Manual Review Findings
FEE-01M: Inconsistent Maintenance of Performance Fee
Type | Severity | Location |
---|---|---|
Logical Fault | ![]() | Fee.sol:L23, L34 |
Description:
The `FeeModule::setFeeRecipient` function will permit the `feeRecipient` to be arbitrarily written to, including being set as the zero-address, whilst the `FeeModule::setPerformanceFee` function will prevent a fee from being configured if the active `feeRecipient` is empty.
Impact:
If the system ever configures a fee recipient of `0` with a non-zero performance fee, the administrator will be mandated to set a fee recipient before adjusting the performance fee to the desired percentage.
Example:
```solidity
16 /// @notice Set performance fee recipient address.
17 /// @param _newFeeRecipient Recipient address.
18 function setFeeRecipient(address _newFeeRecipient) external virtual nonReentrant {
19     YieldAggregatorStorage storage $ = Storage._getYieldAggregatorStorage();
20
21     emit Events.SetFeeRecipient($.feeRecipient, _newFeeRecipient);
22
23     $.feeRecipient = _newFeeRecipient;
24 }
25
26 /// @notice Set performance fee (1e18 == 100%).
27 /// @param _newFee Fee rate.
28 function setPerformanceFee(uint96 _newFee) external virtual nonReentrant {
29     YieldAggregatorStorage storage $ = Storage._getYieldAggregatorStorage();
30
31     uint96 performanceFeeCached = $.performanceFee;
32
33     require(_newFee <= Constants.MAX_PERFORMANCE_FEE, Errors.MaxPerformanceFeeExceeded());
34     require($.feeRecipient != address(0), Errors.FeeRecipientNotSet());
35
36     emit Events.SetPerformanceFee(performanceFeeCached, _newFee);
37
38     $.performanceFee = _newFee;
39 }
```
Recommendation:
We advise the performance fee to be configurable at any point in time, or the fee recipient's erasure to set the active `performanceFee` to `0` so as to ensure consistency in the way the performance fee structure is maintained.
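A sketch of the second option in the recommendation (erasing the recipient also zeroes the fee), added here as an illustration and not taken from the Euler code base or the audit. The contract name `FeeConfigSketch`, the value of `MAX_PERFORMANCE_FEE`, and the `feeConfigConsistent` helper are assumptions; access control and the `nonReentrant` guard are omitted for brevity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative stand-in for the fee state; not the project's FeeModule.
contract FeeConfigSketch {
    error MaxPerformanceFeeExceeded();
    error FeeRecipientNotSet();

    event SetFeeRecipient(address oldRecipient, address newRecipient);
    event SetPerformanceFee(uint96 oldFee, uint96 newFee);

    // Assumed cap (50%); the page does not state Constants.MAX_PERFORMANCE_FEE.
    uint96 public constant MAX_PERFORMANCE_FEE = 5e17;

    address public feeRecipient;
    uint96 public performanceFee; // 1e18 == 100%

    /// Writing the zero-address is still allowed, but it now clears the fee,
    /// so a stale non-zero fee cannot come back when a new recipient is set.
    function setFeeRecipient(address newRecipient) external {
        emit SetFeeRecipient(feeRecipient, newRecipient);
        feeRecipient = newRecipient;

        if (newRecipient == address(0) && performanceFee != 0) {
            emit SetPerformanceFee(performanceFee, 0);
            performanceFee = 0;
        }
    }

    /// Same checks as the audited function: capped fee, recipient required.
    function setPerformanceFee(uint96 newFee) external {
        if (newFee > MAX_PERFORMANCE_FEE) revert MaxPerformanceFeeExceeded();
        if (feeRecipient == address(0)) revert FeeRecipientNotSet();

        emit SetPerformanceFee(performanceFee, newFee);
        performanceFee = newFee;
    }

    /// Invariant both setters preserve: no non-zero fee without a recipient.
    /// Suitable as an assertion target in unit or invariant tests.
    function feeConfigConsistent() external view returns (bool) {
        return performanceFee == 0 || feeRecipient != address(0);
    }
}
```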
Alleviation:
The Euler Finance team evaluated this exhibit and opted to not apply an alleviation to it citing time constraints.
We would like to note that an edge case presently exists in the codebase whereby a non-zero fee configuration will remain after the fee recipient has been removed and will be re-enabled the moment a new fee recipient has been configured without the capability to update it prior to the new recipient's configuration.
We consider this edge case to be known to the Euler Finance team and thus this exhibit to be acknowledged safely.