Summary
The BribeRewarder does not offer a way to recover funds that can be stuck during normal protocol operations.
Vulnerability Detail
There are two main scenarios where funds can get locked inside the BribeRewarder contract.
1. The user registers the contract through the bribe function. In this case, the user needs to send an amount that is greater than or equal to the number of periods multiplied by the amount per period. However, if the amount previously transferred is bigger, the excess tokens are stuck in the contract.
2. For periods in which no user votes or the voting power is less than the amount to distribute, the amounts per period are not distributed and remain stuck in the contract.
function bribe(uint256 startId, uint256 lastId, uint256 amountPerPeriod) public onlyOwner {
    _bribe(startId, lastId, amountPerPeriod);
}
Tool used
Manual Review
Recommendation
Allow the owner to withdraw the excess tokens or native tokens in case no rewards need to be distributed or the transfer amount was overcalculated.
sherlock-admin2 changed the title from "Sneaky Neon Mole - Funds Can Get Stucked on BribeRewarder contract" to "slowfi - Funds Can Get Stucked on BribeRewarder contract" on Jul 30, 2024
slowfi
Medium
Funds Can Get Stucked on BribeRewarder contract
Impact
Unnecessary lock of funds on the contracts.
BribeRewarder.sol#L132C1-L134C6
Duplicate of #172
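One way to implement the recommendation, as an added example that is not the audited project's code: the contract tracks how much is still committed to voters and lets the owner sweep only the balance above that figure. The `voter` role, `owed`, `released`, `releaseEmptyPeriod`, `payReward` and `sweep` are hypothetical names, and only an ERC-20 reward token is handled.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical, simplified rewarder (ERC-20 only). Every name except
// bribe(startId, lastId, amountPerPeriod) is an assumption of this example.
contract SweepableRewarder {
    address public immutable owner;
    address public immutable voter; // assumed contract that reports period results
    IERC20 public immutable token;
    uint256 public startId;
    uint256 public lastId;
    uint256 public amountPerPeriod;
    uint256 public owed; // tokens still committed to voters
    mapping(uint256 => bool) public released; // empty periods already un-reserved

    constructor(IERC20 token_, address voter_) {
        owner = msg.sender;
        voter = voter_;
        token = token_;
    }

    function bribe(uint256 startId_, uint256 lastId_, uint256 amountPerPeriod_) external {
        require(msg.sender == owner, "not owner");
        require(amountPerPeriod == 0 && amountPerPeriod_ > 0 && lastId_ >= startId_, "bad config");
        uint256 required = (lastId_ - startId_ + 1) * amountPerPeriod_;
        require(token.balanceOf(address(this)) >= required, "underfunded");
        (startId, lastId, amountPerPeriod) = (startId_, lastId_, amountPerPeriod_);
        owed = required; // scenario 1: any balance above this is sweepable excess
    }

    function releaseEmptyPeriod(uint256 id) external { // scenario 2: period had no votes
        require(msg.sender == voter, "not voter");
        require(id >= startId && id <= lastId && !released[id], "bad period");
        released[id] = true;
        owed -= amountPerPeriod;
    }

    function payReward(address to, uint256 amount) external { // payout driven by the voter
        require(msg.sender == voter, "not voter");
        owed -= amount; // reverts on underflow, so payouts cannot exceed the commitment
        require(token.transfer(to, amount), "transfer failed");
    }

    function sweep() external returns (uint256 excess) { // owner recovers uncommitted funds only
        require(msg.sender == owner, "not owner");
        excess = token.balanceOf(address(this)) - owed;
        require(token.transfer(owner, excess), "transfer failed");
    }
}
```

Because `sweep` subtracts `owed` from the live balance, the owner cannot withdraw rewards that voters can still claim. Tokens that do not return a boolean from `transfer` would need a safe-transfer wrapper instead of the bare `require`.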