Skip to content

Latest commit

 

History

History
27 lines (19 loc) · 1.18 KB

078.md

File metadata and controls

27 lines (19 loc) · 1.18 KB

Attractive Tin Coyote

Medium

Uninitialized immutable variable MAX_CLAIM_FEE prevents having a fee collector that receives fees

Summary

Uninitialized immutable variable MAX_CLAIM_FEE prevents admin from setting feeAmount to a certain amount > 0. feeCollector will never receive fees in this contract.

Vulnerability Detail

Uninitialized immutable variable MAX_CLAIM_FEE will always be 0 in this contract. Thus, feeAmount will always be 0. If admin tries to set feeAmount to an amount > 0 the setClaimFeeParameters(...) function will revert. It can only be 0 making feeCollector useless.

Impact

feeCollector will never receive fees in this contract.

Code Snippet

The root cause making MAX_CLAIM_FEE == 0 always: https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L171 https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L228 The check preventing feeAmount from being > 0: https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L801

Tool used

Manual Review

Recommendation

Initialize the MAX_CLAIM_FEE immutable variable in the constructor.