FeeSplitter: No sanity check to prevent shareholder from being added twice.

[code423n4]

Handle

GreyArt

Vulnerability details

Impact

It is possible for duplicate shareholders to be added. These shareholders will get more than intended when _sendFee() is called.

Recommended Mitigation Steps

Ensure that the _accounts array is sorted in setShareholders().

for (uint256 i = 0; i < _accounts.length; i++) {
    if (i > 0) {
        require(_accounts[i - 1] < _accounts[i], "FeeSplitter: ACCOUNTS_NOT_SORTED");
    }
    _addShareholder(_accounts[i], _weights[i]);
}

[adrien-supizet]

Duplicate #231

[adrien-supizet]

Indeed there is a fix to do here, we'll prevent adding the same shareholders instead as suggested in #231

[alcueca]

Taking this issue as the principal, and raising #231 to medium severity.