BaseLiquidityManager Manual Review Findings

BLM-01M: Inexistent Configuration of Fee Manager (Migration)

Type	Severity	Location
Logical Fault		BaseLiquidityManager.sol:L635

Description:

The BaseLiquidityManager::migrate function is meant to permit previously present liquidity managers to migrate to the new fee structure, however, the feeManager will never be configured for those entries causing the BaseLiquidityManager::migrate function to fail.

Impact:

All previously deployed liquidity managers that are upgraded will never properly migrate as the feeManager would point to the zero address and would never be configured.

Example:

Copy
631function migrate() external {
632    require(!isMigrated);
633    isMigrated = true;        
634    //Migration of fee percentages
635    IFeeManager(feeManager).setMigratedVaultFeeAndWithdrawalPermission();
636    accruedFees0["STEER_FEES"] += accruedSteerFees0;
637    totalFees0 += accruedSteerFees0;
638    accruedFees0["STRATEGIST_FEES"] += accruedStrategistFees0;
639    totalFees0 += accruedStrategistFees0;
640
641    accruedFees1["STEER_FEES"] += accruedSteerFees1;
642    totalFees1 += accruedSteerFees1;
643    accruedFees1["STRATEGIST_FEES"] += accruedStrategistFees1;
644    totalFees1 += accruedStrategistFees1;
645}

Recommendation:

We advise the function to accept an input argument, properly configuring the feeManager before its body is executed.

Additionally, we advise access control to be imposed on the function to ensure the correct feeManager is specified by a caller affiliated with the Steer Protocol team.

Alleviation (6513a21a002d422e298719b22f73a4559dfd4663):

The migration mechanism of the BaseLiquidityManager has been moved onto the MultiPositionLiquidityManager contract implementation, and will now fetch the _feeManager as well as _helper dynamically from the vaultRegistry.

As such, the migration procedure will be correctly performed and the contract will be re-configured during its migration for the newly introduced feeManager and helper variables.