hats-finance / Fenix--0x9d7765a7ebd5b6322a30797a44a5428531970d3d


VoterUpgradeableV1_2: Either the user will not be able to claim bribes or the user won't be able to claim fees due to the duplicate implementation in `claimBribes()` and `claimFees()` #19

Open hats-bug-reporter[bot] opened 2 months ago

hats-bug-reporter[bot] commented 2 months ago

Github username: @burhankhaja

Twitter username: imaybeghost

Submission hash (on-chain): 0x1ea56a2986b80c852884053c4915b7f8158a1ca74202c7d65a2695d9691f23af

Severity: low

Description: `claimFees` is supposed to give out claiming fee rewards:

    /// @notice claim fees rewards given an address
    function claimFees(address[] memory _bribes, address[][] memory _tokens) external {
        for (uint256 i = 0; i < _bribes.length; i++) {
            IBribe(_bribes[i]).getRewardForAddress(msg.sender, _tokens[i]);
        }
    }

while `claimBribes` is supposed to give out bribing rewards:

    /// @notice claim bribes rewards given an address
    function claimBribes(address[] memory _bribes, address[][] memory _tokens) external {
        for (uint256 i = 0; i < _bribes.length; i++) {
            IBribe(_bribes[i]).getRewardForAddress(msg.sender, _tokens[i]);
        }
    }

But both functions are exactly the same; only the names are different. Since the bribe contract was out of scope, I didn't go too deep into the implementation, but it is obvious that one of the two functions is breaking.

Recommendation: Consider either removing one of the functions, or double-checking its implementation in the bribes contract and re-implementing accordingly.

0xmahdirostami commented 2 months ago

For now, these submissions will be judged as well.

BohdanHrytsak commented 1 month ago

@0xmahdirostami Although the functions have the same implementation, they do not break anything. This is done to distinguish between external/internal bribes, but with the same functionality.

Just the name fees for internal_bribes, and bribes for external_bribes, but nothing breaks, etc.

0xmahdirostami commented 1 month ago

Lead: Clarification is needed for this issue. If the intention is to duplicate the same implementation and use claimFees instead of claimBribes to distinguish between external and internal bribes, then it is informational and invalid in this context. However, if there are specific vaults for fees and it functions similarly to Velodrome, then the issue is of low severity.