Inaccurate ETH Distribution in Collection Shutdown Claim
Summary
Bug Report: Inaccurate ETH Distribution in Collection Shutdown Claim
1. Title: Inaccurate ETH Distribution in Collection Shutdown Claim
2. Trigger Conditions:
This bug can be triggered under the following conditions:
A collection shutdown is initiated and successfully reaches quorum.
The collection shutdown is executed, sending the NFTs to a Sudoswap pool for liquidation.
All the NFTs in the Sudoswap pool are sold, generating ETH proceeds.
Users with dust tokens attempt to claim their share of the ETH.
3. Proof of Concept Flow:
Start Shutdown: A user initiates a shutdown process for a collection with a low number of NFTs in circulation. For instance, there are 100 tokens, and the user owns 60. The shutdown quorum would be 50 tokens (50%).
Reach Quorum: The user votes with their 60 tokens, exceeding the required quorum.
Execute Shutdown: An admin calls the execute() function, sending the remaining NFTs from the Locker to a Sudoswap pool for liquidation.
Sudoswap Liquidation: The Sudoswap pool sells all the NFTs, accumulating 10 ETH in proceeds.
User Claim: The initial user, owning 60% of the dust tokens, attempts to claim their share using the claim() function.
Expected Outcome: The user should receive 6 ETH (60% of 10 ETH).
Actual Outcome: Due to the bug, the user will receive only 3 ETH, calculated as 10 ETH * 60 / (50 * 100 / 50). The denominator uses the quorum votes (50) instead of the total circulating supply (100).
4. Impact:
This bug leads to an inaccurate calculation of the claimable ETH for users participating in the Collection Shutdown mechanism. The primary impact is financial loss for legitimate dust token holders as they are systematically underpaid during the claim process. The lower the participation rate during the vote phase (the lower the shutdownVotes in relation to the total circulating supply), the more pronounced the underpayment.
This situation could cause several negative consequences:
Loss of User Funds: Users lose a significant portion of their rightful ETH proceeds from the NFT liquidation.
Damaged Reputation: The inaccurate distribution erodes trust in the platform's fairness and accuracy, discouraging further user participation in shutdowns.
Potential Disputes and Legal Issues: The unfair distribution could lead to disputes between users and the platform, potentially escalating into legal issues.
5. Function Code:
Here's the claim() function from CollectionShutdown.sol:
function claim(address _collection, address payable _claimant) public nonReentrant whenNotPaused {
// Ensure our user has tokens to claim
uint claimableVotes = shutdownVoters[_collection][_claimant];
if (claimableVotes == 0) revert NoTokensAvailableToClaim();
// Ensure that we have moved token IDs to the pool
CollectionShutdownParams memory params = _collectionParams[_collection];
if (params.sweeperPool == address(0)) revert ShutdownNotExecuted();
// Ensure that all NFTs have sold from our Sudoswap pool
if (!collectionLiquidationComplete(_collection)) revert NotAllTokensSold();
// We can now delete our sweeper pool tokenIds
if (params.sweeperPoolTokenIds.length != 0) {
delete _collectionParams[_collection].sweeperPoolTokenIds;
}
// Burn the tokens from our supply
params.collectionToken.burn(claimableVotes);
// Set our available tokens to claim to zero
delete shutdownVoters[_collection][_claimant];
// ***BUGGY LINE:***
// Get the number of votes from the claimant and the total supply and determine from that the percentage
// of the available funds that they are able to claim.
uint amount = params.availableClaim * claimableVotes / (params.quorumVotes * ONE_HUNDRED_PERCENT / SHUTDOWN_QUORUM_PERCENT);
(bool sent,) = _claimant.call{value: amount}('');
if (!sent) revert FailedToClaim();
emit CollectionShutdownClaim(_collection, _claimant, claimableVotes, amount);
}
Recommendation:
It is strongly advised to address this bug immediately to ensure a fair and accurate ETH distribution in the Collection Shutdown mechanism.
Minato7namikazi
High
Inaccurate ETH Distribution in Collection Shutdown Claim
Summary
Bug Report: Inaccurate ETH Distribution in Collection Shutdown Claim
1. Title: Inaccurate ETH Distribution in Collection Shutdown Claim
2. Trigger Conditions:
This bug can be triggered under the following conditions:
3. Proof of Concept Flow:
execute()function, sending the remaining NFTs from theLockerto a Sudoswap pool for liquidation.claim()function.Expected Outcome: The user should receive 6 ETH (60% of 10 ETH).
Actual Outcome: Due to the bug, the user will receive only 3 ETH, calculated as
10 ETH * 60 / (50 * 100 / 50). The denominator uses the quorum votes (50) instead of the total circulating supply (100).4. Impact:
This bug leads to an inaccurate calculation of the claimable ETH for users participating in the Collection Shutdown mechanism. The primary impact is financial loss for legitimate dust token holders as they are systematically underpaid during the claim process. The lower the participation rate during the vote phase (the lower the shutdownVotes in relation to the total circulating supply), the more pronounced the underpayment.
This situation could cause several negative consequences:
5. Function Code:
Here's the
claim()function fromCollectionShutdown.sol:Recommendation:
It is strongly advised to address this bug immediately to ensure a fair and accurate ETH distribution in the Collection Shutdown mechanism.
Root Cause
No response
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
No response
Mitigation
No response