Omniscia Nexera Audit
PropPacketsGatheredFeeCollectorFacetStorage Manual Review Findings
PropPacketsGatheredFeeCollectorFacetStorage Manual Review Findings
PPC-01M: Inexistent Validation of Fee Proportion
| Type | Severity | Location |
|---|---|---|
| Logical Fault |  | PropPacketsGatheredFeeCollectorFacetStorage.sol:L103 |
Description:
The fee proportion is not validated to be at most BASE_100_PERCENT, permitting the fees of a particular campaign to tap into the funds held for another and then underflow.
Impact:
A misconfigured fee proportion will tap into the funds of other campaigns and then result in an underflow error.
Example:
packages/contracts/contracts/privateFacets/doReceiveFacets/PropPacketsGatheredFeeCollectorFacetStorage.sol
85function initDoReceiveFeeCollectorFacet(86 Layout storage l,87 bytes calldata initDoReceiveFeeCollectorData88) internal returns (address, address, uint256) {89 if (l.isInitialized) revert AlreadyInitialized();90
91 (address feeCollector, address limitSetter, uint256 feeProportion) = abi.decode(92 initDoReceiveFeeCollectorData,93 (address, address, uint256)94 );95
96 // If feeProportion is 0, then nothing should be checked or stored.97 // If a function that can change feeProportion is added, then on the case feeProportion == 0, we should store feeCollector anyways.98 if (feeProportion != 0) {99 if (feeCollector == address(0) || limitSetter == address(0)) revert WrongInitializationData();100
101 l.feeCollector = feeCollector;102 l.limitSetter = limitSetter;103 l.feeProportion = feeProportion;104 }105
106 l.isInitialized = true;107
108 return (l.feeCollector, l.limitSetter, l.feeProportion);109}Recommendation:
We advise the code to ensure that the maximum feeProportion imposed is BASE_100_PERCENT, preventing such misbehaviours from arising.
Alleviation (d682057ecb0e254069773d64f32c068cedb71e2a):
The feeProportion is now validated as advised, yielding a WrongInitializationData error if it has been configured to a value greater than BASE_100_PERCENT.