for getFeeOutputs in RubiconFeeController, fees are improperly calculated, leading to loss of fees for the fee recipient
Vulnerability Detail
In getFeeOutputs, there exists the following code:
for (uint256 j = 0; j < feeCount; ++j) {
OutputToken memory feeOutput = result[j];
if (feeOutput.token == tokenOut) {
found = true;
feeOutput.amount += feeAmount;
}
}
Because feeOutput is a memory variable, however, the feeOutput amount is not actually updated here (in the event that the token already exists in result). It should instead be storage so that the feeOutput is updated. This leads to under-calculation of fees, leading to the fee recipient losing out on fees.
detectiveking
high
getFeeOutputs
fees are improperly calculatedSummary
for
getFeeOutputs
in RubiconFeeController, fees are improperly calculated, leading to loss of fees for the fee recipientVulnerability Detail
In
getFeeOutputs
, there exists the following code:Because
feeOutput
is amemory
variable, however, the feeOutput amount is not actually updated here (in the event that the token already exists inresult
). It should instead be storage so that the feeOutput is updated. This leads to under-calculation of fees, leading to the fee recipient losing out on fees.Impact
Fee recipient receiving less fees than expected
Code Snippet
https://github.com/sherlock-audit/2024-02-rubicon-finance/blob/main/gladius-contracts-internal/src/fee-controllers/RubiconFeeController.sol#L63
Tool used
Manual Review
Recommendation
Change memory to storage
Duplicate of #64