-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updating MintRatio can lead to out of sync reward values #937
Comments
0xSorryNotSorry marked the issue as sufficient quality report |
0xSorryNotSorry marked the issue as primary issue |
Somewhat similar to #1026 so I'm going to comment something along the same lines : Acknowledging this, disagree with severity (imo it's informational). This is the expected behavior, users are supposed to check each other and if the mintRatio go down, updateMintRatio of others so that they are not earning more rewards unduly. And if mintRatio is going up, users are expected to update their position to benefit from the new ratio. Ultimately the governance is a game of who has relatively more tokens, so the users act as keepers to each other to make sure no undue rewards are earned, and individually they are expected to do the actions needed to maximize their rewards. |
eswak (sponsor) acknowledged |
eswak marked the issue as disagree with severity |
Trumpero changed the severity to QA (Quality Assurance) |
Trumpero marked the issue as grade-a |
considering this issue as informational based on the sponsor's comment |
Trumpero marked the issue as grade-c |
Lines of code
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/loan/SurplusGuildMinter.sol#L293-L315
https://github.com/code-423n4/2023-12-ethereumcreditguild/blob/main/src/loan/SurplusGuildMinter.sol#L250-L251
Vulnerability details
Impact
When the governor updates the mintRatio, all the users who stake are not required to call updateMintRatio This can result in lost rewards for users.
Proof of Concept
The following code can be added to the
SurplusGuildMinterUnitTest.sol
Tools Used
Foundry
Recommended Mitigation Steps
Add a modifier to the
getRewards
can help fix this issue. This way when the user is callinggetRewards
and themintRatio
has changed, the user will get updated rewards based on themintRatio
Assessed type
Timing
The text was updated successfully, but these errors were encountered: