This repository has been archived by the owner on May 26, 2023. It is now read-only.
WATCHPUG
high
escrowedReward will be frozen in the contract if escrowPool == address(0) but escrowPortion > 0
Summary
A portion of users' reward, which is expected to be "escrowed", will be frozen in the pool contract if escrowPool == address(0) but escrowPortion > 0.
Vulnerability Detail
Setting _escrowPool to address(0) is allowed in __BasePool_init():
https://github.com/sherlock-audit/2022-10-merit-circle/blob/main/merit-liquidity-mining/contracts/base/BasePool.sol#L75-L77
However, when escrowPortion > 0, if escrowPool == address(0), claimRewards() will still only transfer nonEscrowedRewardAmount to the _receiver and leave the escrowedRewardAmount in the contract.
Impact
As a result, a portion (escrowPortion) of the rewards will be frozen in the contract, and there is no way for the users or even the admin to retrieve these rewards.
Code Snippet
https://github.com/Merit-Circle/merit-liquidity-mining/blob/ce5feaae19126079d309ac8dd9a81372648437f1/contracts/base/BasePool.sol#L100-L115
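A minimal sketch of the reward split this report describes, added here as an illustration; it is not the BasePool code and not the change the report recommends. The contract, the IEscrowLike.lockFor interface, credit() and both claim functions are hypothetical names, and paying the full reward when no escrow pool is set is one possible policy, assumed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; every name here is hypothetical, not the audited code.
interface IERC20Like { function transfer(address to, uint256 amount) external returns (bool); }
interface IEscrowLike { function lockFor(address receiver, uint256 amount) external; }

contract EscrowSplitSketch {
    IERC20Like public immutable rewardToken;
    IEscrowLike public immutable escrowPool; // address(0) is accepted, as the report notes
    uint256 public immutable escrowPortion;  // 1e18 == 100%
    mapping(address => uint256) public owed; // rewards credited per account

    constructor(IERC20Like token, IEscrowLike pool, uint256 portion) {
        require(portion <= 1e18, "portion > 100%");
        // Init-time alternative: require(address(pool) != address(0) || portion == 0);
        rewardToken = token;
        escrowPool = pool;
        escrowPortion = portion;
    }

    // Stand-in for the pool's reward accounting; left unrestricted in this sketch.
    function credit(address account, uint256 amount) external { owed[account] += amount; }

    // Pattern from the report: with no escrow pool the escrowed share is never paid.
    function claimStuck(address receiver) external {
        (uint256 escrowed, uint256 liquid) = _split(msg.sender);
        if (escrowed != 0 && address(escrowPool) != address(0)) _lock(receiver, escrowed);
        if (liquid != 0) require(rewardToken.transfer(receiver, liquid), "transfer failed");
    }

    // Hardened: with no escrow pool configured, the whole reward goes to the receiver.
    function claimSafe(address receiver) external {
        (uint256 escrowed, uint256 liquid) = _split(msg.sender);
        if (address(escrowPool) == address(0)) {
            liquid += escrowed;
            escrowed = 0;
        }
        if (escrowed != 0) _lock(receiver, escrowed);
        if (liquid != 0) require(rewardToken.transfer(receiver, liquid), "transfer failed");
    }

    function _split(address account) private returns (uint256 escrowed, uint256 liquid) {
        uint256 reward = owed[account];
        owed[account] = 0; // balance cleared before any external call
        escrowed = (reward * escrowPortion) / 1e18;
        liquid = reward - escrowed;
    }

    function _lock(address receiver, uint256 amount) private {
        require(rewardToken.transfer(address(escrowPool), amount), "transfer failed");
        escrowPool.lockFor(receiver, amount);
    }
}
```

With escrowPool set to address(0) and escrowPortion at 0.5e18, claimStuck() zeroes the caller's balance but pays out only half of it, so the contract's token balance exceeds everything it still owes; claimSafe() leaves no such remainder.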
Tool used
Manual Review
Recommendation
Change to: