31479 - [SC - High] alchemechNFT holder will get too little FLUX be...
Previous31478 - [SC - High] calculateBPT doesnt divide by basis points infl...Next31480 - [SC - High] Miscalculation of global bias
Last updated
Was this helpful?
Last updated
Was this helpful?
Submitted on May 20th 2024 at 05:06:46 UTC by @Holterhus for
Report ID: #31479
Report type: Smart Contract
Report severity: High
Target: https://github.com/alchemix-finance/alchemix-v2-dao/blob/main/src/FluxToken.sol
Impacts:
Permanent freezing of unclaimed royalties
When alchemicNFT holders claim FLUX, the amount to claim is calculated relative to the amount that Patron NFT holders claim, which dramatically underestimates the amount to claim.
When NFT holders claim FLUX, the calculated amount should either by multiplied by 0.4% (for Patron NFT holders) or 0.05% (for alchemicNFT holders).
However, in the implementation of getClaimableFlux(), we first multiply by 0.4% to get the Patron NFT holder amount. Then, if it's an Alchemic NFT holder, we multiply that resulting value by 0.05% to get the final amount.
The result is that Alchemic NFT holders receive 0.4% * 0.05% = 0.0002% of the calculated amount, which is 250x less than they should.
Alchemic NFT holders will receive 250x less FLUX than they should when claiming. This loss of FLUX amount is permanent and can't be fixed.
FluxToken.sol
The following test can be added to FluxToken.t.sol. It should return 0.05% of 500_000, which would equal 250, but instead returns 1.