Contract MplRewards should have an emergency withdraw function that is common in such contracts. emergencyWithdraw should allow users to withdraw their stakes without caring about the rewards. This can happen, for example, if the owner's wallet is compromised and it sets periodFinish (function updatePeriodFinish) to 0 making function getReward fail every time. Also you can add a check in the function updatePeriodFinish that timestamp >= lastUpdateTime so that this calculation won't fail: lastTimeRewardApplicable().sub(lastUpdateTime).
Handle
paulius.eth
Vulnerability details
Vulnerability details
Contract MplRewards should have an emergency withdraw function that is common in such contracts. emergencyWithdraw should allow users to withdraw their stakes without caring about the rewards. This can happen, for example, if the owner's wallet is compromised and it sets periodFinish (function updatePeriodFinish) to 0 making function getReward fail every time. Also you can add a check in the function updatePeriodFinish that timestamp >= lastUpdateTime so that this calculation won't fail: lastTimeRewardApplicable().sub(lastUpdateTime).