Caviar Private Pools - savi0ur's results

Lines of code

https://github.com/code-423n4/2023-04-caviar/blob/main/src/PrivatePool.sol#L235-L236 https://github.com/code-423n4/2023-04-caviar/blob/main/src/PrivatePool.sol#L271-L285 https://github.com/code-423n4/2023-04-caviar/blob/main/src/PrivatePool.sol#L335

Vulnerability details

Impact

Loss of royalty share for the nft creator with more weightage

Proof of Concept

https://github.com/code-423n4/2023-04-caviar/blob/main/src/PrivatePool.sol#L235-L236

// calculate the sale price (assume it's the same for each NFT even if weights differ)
uint256 salePrice = (netInputAmount - feeAmount - protocolFeeAmount) / tokenIds.length;

https://github.com/code-423n4/2023-04-caviar/blob/main/src/PrivatePool.sol#L271-L285

if (payRoyalties) {
    for (uint256 i = 0; i < tokenIds.length; i++) {
        // get the royalty fee for the NFT
        (uint256 royaltyFee, address recipient) = _getRoyalty(tokenIds[i], salePrice);

        // transfer the royalty fee to the recipient if it's greater than 0
        if (royaltyFee > 0 && recipient != address(0)) {
            if (baseToken != address(0)) {
                ERC20(baseToken).safeTransfer(recipient, royaltyFee);
            } else {
                recipient.safeTransferETH(royaltyFee);
            }
        }
    }
}

If nft is having more weight, then its creator should get more royalty fee. Due to assuming average saleprice for all the nfts, there is a loss for the royalty recipient. As his share of royalty is calculated based on average salePrice.

Tools Used

Manual Review

Recommended Mitigation Steps

Consider having some fare mechanism of distributing royalties based on NFT weights.