This repository has been archived by the owner on Mar 3, 2024. It is now read-only.
0x73696d616f - Lost rewards when the supply is 0
, which always happens if the rewards are queued before anyone has StakeTracker
tokens
#387
Labels
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
Medium
A valid Medium severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
0x73696d616f
medium
Lost rewards when the supply is
0
, which always happens if the rewards are queued before anyone hasStakeTracker
tokensSummary
If the supply of
StakeTracker
tokens is0
, therewardPerTokenStored
won't increase, but thelastUpdateBlock
will, leading to lost rewards.Vulnerability Detail
The rewards are destributed in a
MasterChef
style, which takes snapshots of the total accrued rewards over time and whenever someone wants to get the rewards, it subtracts the snapshot of the user from the most updated, global snapshot.The
rewardsPerToken()
calculation factors the blocks passed times the reward rate by thetotalSupply()
, to get the reward per token in a specific interval (and then accrues to the previous intervals, as stated in the last paragraph). When thetotalSupply()
is0
, there is 0rewardPerToken()
increment as there is no supply to factor the rewards by.The current solution is to maintain the same
rewardsPerToken()
if thetotalSupply()
is0
, but thelastUpdateBlock
is still updated. This means that, during the interval in which thetotalSupply()
is0
, no rewards are destributed but the block numbers still move forward, leaving the tokens stuck in theMainRewarder
andExtraRewarder
smart contracts.This will always happen if the rewards are quewed before the
totalSupply()
is bigger than0
(before an initial deposit to eitherDestinationVault
orLMPVault
). It might also happen if users withdraw all their tokens from the vaults, leading to atotalSupply()
of0
, but this is very unlikely.Impact
Lost reward tokens. The amount depends on the time during which the
totalSupply()
is0
, but could be significant.Code Snippet
The
rewardPerToken()
calculation:The
rewardPerTokenStored
does not increment when thetotalSupply()
is0
.Tool used
Vscode
Foundry
Manual Review
Recommendation
The
totalSupply()
should not realistically be0
after the initial setup period (unless for some reason everyone decides to withdraw from the vaults, but this should be handled separately). It should be enough to only allow queueing rewards if thetotalSupply()
is bigger than0
. For this, only a new check needs to be added:The text was updated successfully, but these errors were encountered: