Lines of code
https://github.com/code-423n4/2024-07-reserve/blob/3f133997e186465f4904553b0f8e86ecb7bbacbf/contracts/p1/Distributor.sol#L222
https://github.com/code-423n4/2024-07-reserve/blob/3f133997e186465f4904553b0f8e86ecb7bbacbf/contracts/p1/Distributor.sol#L183
Vulnerability details
Impact
The DAO takes a larger fee than it should, and this discourages RSR token holders from staking their assets.
Proof of Concept
The Distributor contract sends a portion of the RSR it receives to the DAO fee recipient configured in the daoFeeRegistry contract. The size of that share is set in daoFeeRegistry, and its maximum is 15% (uint256 constant MAX_FEE_NUMERATOR = 15_00; // Max DAO Fee: 15%), but the DAO ends up receiving more than 15% of the RSR.
Let's assume MAX_FEE_NUMERATOR is 1500 and FEE_DENOMINATOR is 10000, and the RToken's owner configures the distributor like this:
After a while, 7764 RSR tokens are sent to the Distributor and Distributor::distribute is called, which in turn calls Distributor::totals. Inside totals:
init values: rTokenTotal = 4000, rsrTotal = 6000
DAO fee, computed as feeNumerator * (rTokenTotal + rsrTotal) / (feeDenominator - feeNumerator): 1500 * (4000 + 6000) / (10000 - 1500) = 1764
Final result: rTokenTotal = 4000, rsrTotal = 7764.
When distribute then splits the 7764 RSR according to rsrTotal, the DAO's share of the RSR is 1776 * 100 / 7764 = 22%. This means the DAO gets 22% of the RSR revenue, more than the 15% maximum.
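The arithmetic above, as an added Python model so it can be checked with other share configurations; this is not the project's code, and the function names, FEE_DENOMINATOR and the sample figures are assumptions taken from the report's example. It also shows that the formula does cap the DAO at 15% of all revenue (rToken share + RSR share + DAO share), and that the overshoot against RSR only appears when the rToken share is non-zero.

```python
# Added model of the DAO-fee arithmetic in this report; not the project's code.
# FEE_DENOMINATOR, the function names and the sample figures are assumptions
# taken from the report's example.
FEE_DENOMINATOR = 10_000
MAX_FEE_NUMERATOR = 15_00  # Max DAO Fee: 15%, as in daoFeeRegistry


def dao_fee_dist(rtoken_total: int, rsr_total: int, fee_numerator: int) -> int:
    """RSR-share units added for the DAO, as the report quotes from
    Distributor::totals: feeNumerator * (rTokenTotal + rsrTotal) /
    (feeDenominator - feeNumerator), with truncating integer division."""
    if fee_numerator > MAX_FEE_NUMERATOR:
        raise ValueError("fee numerator above the 15% cap")
    if fee_numerator == 0:
        return 0
    return fee_numerator * (rtoken_total + rsr_total) // (FEE_DENOMINATOR - fee_numerator)


def totals(rtoken_total: int, rsr_total: int, fee_numerator: int) -> tuple[int, int]:
    """(rTokenTotal, rsrTotal) after the DAO share is folded into rsrTotal."""
    return rtoken_total, rsr_total + dao_fee_dist(rtoken_total, rsr_total, fee_numerator)


def dao_bps_of_rsr(rtoken_total: int, rsr_total: int, fee_numerator: int) -> int:
    """Basis points of the RSR revenue that reach the DAO once distribute()
    splits RSR by rsrTotal. This is the figure the report compares with 15%."""
    fee = dao_fee_dist(rtoken_total, rsr_total, fee_numerator)
    _, rsr_with_fee = totals(rtoken_total, rsr_total, fee_numerator)
    return fee * FEE_DENOMINATOR // rsr_with_fee


def dao_bps_of_all_revenue(rtoken_total: int, rsr_total: int, fee_numerator: int) -> int:
    """Basis points of rToken share + RSR share + DAO share: the quantity the
    formula really bounds by feeNumerator / feeDenominator."""
    fee = dao_fee_dist(rtoken_total, rsr_total, fee_numerator)
    return fee * FEE_DENOMINATOR // (rtoken_total + rsr_total + fee)


def exceeds_cap(rtoken_total: int, rsr_total: int, fee_numerator: int) -> bool:
    """True when the DAO's share of RSR alone is above the 15% cap."""
    return dao_bps_of_rsr(rtoken_total, rsr_total, fee_numerator) > MAX_FEE_NUMERATOR


if __name__ == "__main__":
    # Report's example: rTokenTotal = 4000, rsrTotal = 6000, fee 15%
    print(totals(4000, 6000, 1500))             # (4000, 7764)
    print(dao_bps_of_rsr(4000, 6000, 1500))     # 2272 bps, i.e. 22%
    print(dao_bps_of_all_revenue(4000, 6000, 1500))  # 1499 bps, i.e. ~15%
    print(exceeds_cap(0, 6000, 1500))           # False: no rToken share, no overshoot
```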
Tools Used
Manually
Recommended Mitigation Steps
Use the formula below for the DAO fee amount:
Assessed type
Math