code-423n4 / 2024-01-salty-findings


Hardcoded Reward Distribution Logic in DAO Contract #690

Closed c4-bot-7 closed 9 months ago

c4-bot-7 commented 9 months ago

Lines of code

https://github.com/code-423n4/2024-01-salty/blob/main/src/dao/DAO.sol#L327

Vulnerability details

LoC

https://github.com/code-423n4/2024-01-salty/blob/main/src/dao/DAO.sol#L327

Vulnerability Detail

In the DAO contract, specifically within the processRewardsFromPOL function, the percentages for distributing rewards to the team and for burning are hardcoded. The team reward is set to a fixed 10% of the claimedSALT, and the burn percentage is determined by a fixed configuration value from daoConfig.

This rigid structure does not allow for adjustments based on changing market conditions, strategic shifts, or community consensus.

Code Snippet

    uint256 claimedSALT = collateralAndLiquidity.claimAllRewards(poolIDs);
    // Fixed percentage sent to the team (10% of everything claimed)
    uint256 amountToSendToTeam = claimedSALT / 10;
    // Remainder after the team share; the burn percentage below applies to this amount
    uint256 remainingSALT = claimedSALT - amountToSendToTeam;
    // Fixed percentage burned, read from the DAO configuration
    uint256 saltToBurn = (remainingSALT * daoConfig.percentPolRewardsBurned()) / 100;

Impact

The inflexible reward distribution might not align with the changing needs of the DAO or the market. For instance, in certain market conditions, burning a fixed percentage of tokens might either be too aggressive, impacting the token's liquidity, or too conservative, failing to provide sufficient deflationary pressure.

The inability to adjust these parameters through governance votes limits the DAO's capacity to respond dynamically to its stakeholders' preferences or strategic shifts.

As the DAO evolves, its objectives and priorities might change. A hardcoded reward distribution can become misaligned with these evolving goals, potentially leading to inefficiencies or discontent among stakeholders.

Example Scenario

In a highly volatile market, maintaining a fixed percentage for rewards and burns could lead to undesirable outcomes. For example, if the token's value surges, a fixed burn rate might excessively decrease the token supply, or if the token's value drops, the fixed team rewards might become insufficient to sustain DAO operations.

Recommendations

Introduce governance mechanisms to dynamically adjust reward distribution percentages. This allows the DAO to adapt its tokenomics in response to changing market conditions or strategic priorities.

Enable DAO members to propose and vote on changes to the reward distribution percentages. This empowers the community and aligns the reward policy with the collective decision of stakeholders.

Regularly monitor the impact of reward distribution on the DAO's tokenomics and operations. Utilize data analytics to inform decision-making regarding optimal distribution strategies.

Assessed type

Other
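As an added illustration of the recommendation above (example code written for this page, not Salty's own contracts), the following shows one way to make both distribution percentages governance-adjustable while keeping them inside hard bounds. The contract names RewardConfig and RewardSplit, the `dao` address, the percentage names, the step size and the bound values are all assumptions chosen for the example. The bounds are the security-relevant part: a single governance action (or a compromised governance key) should not be able to redirect all claimed rewards to the team wallet or burn them entirely.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration (not Salty's code): reward-distribution percentages held
/// in a config contract that only the DAO may change, and only within hard
/// bounds and in fixed steps, so governance can tune tokenomics without being
/// able to move a value to an extreme in one proposal.
contract RewardConfig {
    address public immutable dao; // hypothetical governance address (assumed)

    // Hard bounds baked into the contract; the adjustable values live inside them.
    uint256 public constant MIN_TEAM_PERCENT = 0;
    uint256 public constant MAX_TEAM_PERCENT = 20;
    uint256 public constant MIN_BURN_PERCENT = 25;
    uint256 public constant MAX_BURN_PERCENT = 75;
    uint256 public constant STEP = 5; // each approved vote moves a value by 5 points

    uint256 public teamPercent = 10; // share of all claimed rewards
    uint256 public burnPercent = 50; // share of what remains after the team share

    event TeamPercentChanged(uint256 newValue);
    event BurnPercentChanged(uint256 newValue);

    modifier onlyDAO() {
        require(msg.sender == dao, "not DAO");
        _;
    }

    constructor(address _dao) {
        dao = _dao;
    }

    /// Move the team share up or down by one STEP, clamped to its bounds.
    function changeTeamPercent(bool increase) external onlyDAO {
        teamPercent = _step(teamPercent, increase, MIN_TEAM_PERCENT, MAX_TEAM_PERCENT);
        emit TeamPercentChanged(teamPercent);
    }

    /// Move the burn share up or down by one STEP, clamped to its bounds.
    function changeBurnPercent(bool increase) external onlyDAO {
        burnPercent = _step(burnPercent, increase, MIN_BURN_PERCENT, MAX_BURN_PERCENT);
        emit BurnPercentChanged(burnPercent);
    }

    function _step(uint256 v, bool up, uint256 lo, uint256 hi) internal pure returns (uint256) {
        if (up) return v + STEP > hi ? hi : v + STEP;
        return v < lo + STEP ? lo : v - STEP;
    }
}

/// The distribution logic reads the percentages instead of hardcoding `/ 10`.
library RewardSplit {
    struct Split {
        uint256 toTeam;
        uint256 toBurn;
        uint256 toDistribute;
    }

    function compute(uint256 claimed, uint256 teamPercent, uint256 burnPercent)
        internal
        pure
        returns (Split memory s)
    {
        // The config bounds already guarantee this, but it is re-checked here so a
        // misconfigured or swapped-in config contract cannot produce an invalid split.
        require(teamPercent <= 100 && burnPercent <= 100, "percent > 100");

        s.toTeam = (claimed * teamPercent) / 100;
        uint256 remaining = claimed - s.toTeam;
        s.toBurn = (remaining * burnPercent) / 100;
        s.toDistribute = remaining - s.toBurn;
        // toTeam + toBurn + toDistribute == claimed always holds; no dust is lost.
    }
}
```

With the default values of 10 and 50, `RewardSplit.compute(1000, 10, 50)` yields 100 to the team, 450 burned and 450 left to distribute, which reproduces the fixed behaviour the report describes; the difference is that each percentage can now be moved by a governance vote, one bounded step at a time, instead of requiring a contract upgrade.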

c4-judge commented 9 months ago

Picodes marked the issue as unsatisfactory: Invalid