# 51457 sc low getaccruedcommission reverts when token was removed instead of returning the accrued commission

* Report ID: #51457
* Report Type: Smart Contract
* Report severity: Low

Target: <https://github.com/immunefi-team/attackathon-plume-network/blob/main/plume/src/facets/ValidatorFacet.sol>

Impacts:

* Contract fails to deliver promised returns, but doesn't lose value

{% hint style="warning" %}
Severity: Low — function reverts when it should return a claimable value for a historical reward token.
{% endhint %}

## Description

### Brief/Intro

When a reward token is removed, `ValidatorFacet::getAccruedCommission()` reverts even though the accrued commission can still be claimed.

### Vulnerability Details

Reward tokens can be added and later removed. When adding a reward token, it becomes both a historical reward token and a currently active reward token. When removing a reward token, it remains a historical reward token to allow claiming of rewards for removed reward tokens. This also includes validator commission claims.

However, when a token was added as a reward token, accumulated commission, and was then removed, the `ValidatorFacet::getAccruedCommission()` function reverts even though there is accrued commission that can still be claimed.

### Impact Details

`ValidatorFacet::getAccruedCommission()` reverts when the specified token has been removed, even though the commission can still be claimed.

## References

Code references (kept as-is):

* RewardsFacet::addRewardToken — <https://github.com/immunefi-team/attackathon-plume-network/blob/580cc6d61b08a728bd98f11b9a2140b84f41c802/plume/src/facets/RewardsFacet.sol#L153-L202>
* RewardsFacet::removeRewardToken — <https://github.com/immunefi-team/attackathon-plume-network/blob/580cc6d61b08a728bd98f11b9a2140b84f41c204/plume/src/facets/RewardsFacet.sol#L210-L250>
* ValidatorFacet::getAccruedCommission — <https://github.com/immunefi-team/attackathon-plume-network/blob/580cc6d61b08a728bd98f11b9a2140b84f41c802/plume/src/facets/ValidatorFacet.sol#L957-L959>

## Proof of Concept

{% stepper %}
{% step %}

### Add a reward token

Call `RewardsFacet::addRewardToken()` to add a token as a reward token.

Reference: <https://github.com/immunefi-team/attackathon-plume-network/blob/580cc6d61b08a728bd98f11b9a2140b84f41c802/plume/src/facets/RewardsFacet.sol#L153-L202>
{% endstep %}

{% step %}

### Accrue commission

Some time passes and a validator accrues commission for the added reward token.
{% endstep %}

{% step %}

### Remove the reward token

Call `RewardsFacet::removeRewardToken()` to remove the reward token.

Reference: <https://github.com/immunefi-team/attackathon-plume-network/blob/580cc6d61b08a728bd98f11b9a2140b84f41c802/plume/src/facets/RewardsFacet.sol#L210-L250>
{% endstep %}

{% step %}

### Observe revert when querying accrued commission

Call `ValidatorFacet::getAccruedCommission()` for that token. The function reverts (see reference below), even though the commission can still be claimed. The function should return the commission for historical tokens as well.

Reference: <https://github.com/immunefi-team/attackathon-plume-network/blob/580cc6d61b08a728bd98f11b9a2140b84f41c802/plume/src/facets/ValidatorFacet.sol#L957-L959>
{% endstep %}
{% endstepper %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://reports.immunefi.com/plume-or-attackathon/51457-sc-low-getaccruedcommission-reverts-when-token-was-removed-instead-of-returning-the-accrued-co.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.