Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Programmable Derivatives>Low findings>The governance may fail to set the fee
GeneralOverview
Findings
Critical (2)
High (9)
Medium (4)
Low (3)The governance may fail to set the feeOracleReader does not have a storage gapPotentially obtaining a stale price
Informational (2)
DiscussionInconsistencies between documentation and implementation
Threat ModelWhat are threat models?Auction.solBalancerOracleAdapter.solBondToken.solDistributor.solLeverageToken.solOracleReader.solPool.solPoolFactory.solPreDeposit.sol
Audit ResultsAssessment Results
Category: Business Logic

The governance may fail to set the fee

Low Severity
Low Impact
Medium Likelihood

Description

Addresses with the GOV_ROLE are able to set the fee. In the function setFee, if the return value of the function getFeeAmount is greater than zero, it will call the function claimFees to collect fees.

function setFee(uint256 _fee) external onlyRole(poolFactory.GOV_ROLE()) {
  // [...]
  // Force a fee claim to prevent governance from setting a higher fee
  // and collecting increased fees on old deposits
  if (getFeeAmount() > 0) {
    claimFees();
  }
  // [...]
}

However, only the fee beneficiary is allowed to call the function claimFees.

function claimFees() public nonReentrant {
  require(msg.sender == feeBeneficiary, NotBeneficiary());
  // [...]
}

Impact

Since the address with the GOV_ROLE and the fee beneficiary might be different addresses, the governance may fail to set the fee due to the NotBeneficiary error.

Recommendations

Consider recording the accumulated fees in a state variable and updating lastFeeClaimTime. The fee beneficiary can claim this fee later.

Remediation

This issue has been acknowledged by Plaza Finance, and a fix was implemented in commit 899b4185.

Zellic © 2025Back to top ↑