code-423n4 / 2021-09-bvecvx-findings


veCVXStrategy: Unused return outputs from _processRewardsFees() #39

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

hickuphh3

Vulnerability details

Impact

In harvest(), the return values governancePerformanceFee and strategistPerformanceFee from calling _processRewardsFees() are unused. Their declarations are therefore redundant.

They can also be removed from _processRewardsFees().

Recommended Mitigation Steps

// in harvest()
function harvest() public whenNotPaused returns (uint256 harvested) {
    ...
    // Because we are using bCVX we take fees in reward
    //NOTE: This will probably revert because we deposit and transfer on same block
    _processRewardsFees(earnedReward, reward);
    ...
}

// Note the removal of governanceRewardsFee and strategistRewardsFee
function _processRewardsFees(uint256 _amount, address _token) internal {
    // process governance fee
    _processFee(
      _token,
      _amount,
      performanceFeeGovernance,
      IController(controller).rewards()
    );

    // process strategist fee
    _processFee(
      _token,
      _amount,
      performanceFeeStrategist,
      strategist
    );
}

GalloDaSballo commented 3 years ago

Sure