#52436 [SC-Low] getAccruedCommission could return an inaccurate value
Submitted on Aug 10th 2025 at 17:06:50 UTC by @a16 for Attackathon | Plume Network
Report ID: #52436
Report Type: Smart Contract
Report severity: Low
Target: https://github.com/immunefi-team/attackathon-plume-network/blob/main/plume/src/facets/ValidatorFacet.sol
Impacts:
Contract fails to deliver promised returns, but doesn't lose value
Temporary freezing of funds for at least 1 hour
Description
Brief / Intro
The getAccruedCommission() function is supposed to return the amount of commission accrued by a validator for a single token, but it does not account for changes that occurred since the last on-chain update.
Vulnerability Details
Commission accrues over time as a percentage of rewards. The public function getAccruedCommission() returns validatorAccruedCommission[validatorId][token]. The true accrued commission, as computed in requestCommissionClaim(), may be larger: requestCommissionClaim() updates validatorAccruedCommission[validatorId][token] by calling _settleCommissionForValidatorUpToNow(), which internally calls updateRewardPerTokenForValidator() and increments validatorAccruedCommission[validatorId][token]. If time has passed since the last update, the value returned by getAccruedCommission() can be considerably smaller than the actual amount that would be settled on-chain.
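The stale read described above, next to a view that adds the unsettled portion, as an added example that is not part of the original report and is not Plume's code. The contract name, the constant reward rate, the PRECISION scaling, the struct layout and the function names other than the mapping it mirrors are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model, NOT the Plume ValidatorFacet code. The constant reward rate,
// PRECISION scaling and struct layout are assumptions; access control is omitted.
contract CommissionModel {
    uint256 constant PRECISION = 1e18;

    struct Validator {
        uint256 rewardPerSecond; // assumed gross reward rate
        uint256 commissionRate;  // fraction of rewards, scaled by PRECISION
        uint256 lastUpdate;      // timestamp of the last settlement
        uint256 accrued;         // stored commission, as in validatorAccruedCommission
    }

    mapping(uint16 => Validator) internal validators;

    function setValidator(uint16 id, uint256 rewardPerSecond, uint256 commissionRate) external {
        settle(id); // book commission earned under the old parameters first
        validators[id].rewardPerSecond = rewardPerSecond;
        validators[id].commissionRate = commissionRate;
    }

    // Commission earned since lastUpdate that is not yet written to storage.
    function _pending(Validator storage v) internal view returns (uint256) {
        uint256 elapsed = block.timestamp - v.lastUpdate;
        return (elapsed * v.rewardPerSecond * v.commissionRate) / PRECISION;
    }

    // Stand-in for the settlement that the claim path performs before reading.
    function settle(uint16 id) public {
        Validator storage v = validators[id];
        v.accrued += _pending(v);
        v.lastUpdate = block.timestamp;
    }

    // Behaviour described in the report: storage only, stale between settlements.
    function getAccruedCommissionStored(uint16 id) external view returns (uint256) {
        return validators[id].accrued;
    }

    // Same arithmetic as settle() without the write: stored plus pending.
    function getAccruedCommissionCurrent(uint16 id) external view returns (uint256) {
        Validator storage v = validators[id];
        return v.accrued + _pending(v);
    }
}
```

In this model, with rewardPerSecond = 100, commissionRate = 0.1e18 and 3600 seconds elapsed since the last settlement, getAccruedCommissionStored() still returns the old value while getAccruedCommissionCurrent() returns 36,000 more, which is the amount settle() then writes.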
Impact Details
Validators calling this public function might get an incorrect impression of the amount of commission accrued so far, leading them to delay claiming rewards or otherwise misjudge available commission.
Proof of Concept