Brilliant Flint Sardine
High
Uninitialized MAX_CLAIM_FEE
in GovernanceStaker
leads to Denial-of-Service in _setClaimFeeParameters
The GovernanceStaker
contract includes an immutable variable MAX_CLAIM_FEE
, but it is not initialized in the base contract. While the README
does not explicitly confirm or deny whether GovernanceStaker
is a production contract, the scope requires that we consider it as such.
The _setClaimFeeParameters
function in GovernanceStaker
relies on MAX_CLAIM_FEE
to validate fee parameters. However, because MAX_CLAIM_FEE
is not initialized in GovernanceStaker
, the comparison _params.feeAmount > MAX_CLAIM_FEE
will always be true, and the function will always revert.
- Denial of Service (DoS): The admin cannot configure claim fees.
- Revenue Loss: Without claim fees, the protocol may be unable to cover operational costs.
- Vulnerable logic : _setClaimFeeParameters
- Uninitialized variable : MAX_CLAIM_FEE
Manual Review
Add this line in the constructor:
+ MAX_CLAIM_FEE = 1e18;