Hooks.wtf

Audit Findings

ProtocolFeeRecipient.sol

[INFO] Unrequired increment

The first amount_ in available is not required to increment, as it will be the first time that it is set. The gas savings here would be minimal, but highlighted regardless.

Suggested Remediation

function available() public view returns (uint amount_) {
    // Amount of ETH held in the contract
    amount_ = payable(address(this)).balance;

    // ..
}

[MINOR] Potential Temporary Loss of Funds

If a PositionManager is unset before claim has been called, the allocated ETH would be left stagnant until it was set again. It would be recommended to claim from a PositionManager before unsetting.

Proof of Concept

Coming soon.

Suggested Remediation

By adding a fee withdrawal call before the PositionManager is removed, it ensures that no funds are missed. This will just add the ETH to the contract and will be included in the next claim call.

function setPositionManager(address _positionManager, bool _enable) public onlyOwner {
    if (_enable && !_positionManagers.contains(_positionManager)) {
        _positionManagers.add(_positionManager);
        emit PositionManagerUpdated(_positionManager, true);
    } else if (!_enable && _positionManagers.contains(_positionManager)) {
    	// @audit Withdraw fees here, before removing
    	PositionManager(payable(_positionManager)).withdrawFees(address(this), true);

        _positionManagers.remove(_positionManager);
        emit PositionManagerUpdated(_positionManager, false);
    }
}
Previous
PoolSwap.sol
Next
ProtocolRoles.sol