There could be an integer underflow error when the reward of an incentive is claimed, forcing users to wait for a sufficient period or reduce their liquidity to claim the rewards.
Proof of Concept
The unclaimed reward that a user could claim is proportional to the secondsInside, which is, in fact, proportional to the position's liquidity. It is possible that the liquidity is too large and causes secondsInside to be larger than secondsUnclaimed. As a result, the rewards that the user wants to claim exceed the incentive.rewardsUnclaimed and causes an integer underflow error, which prevents him from getting the rewards.
Handle
broccoli
Vulnerability details
Impact
There could be an integer underflow error when the reward of an incentive is claimed, forcing users to wait for a sufficient period or reduce their liquidity to claim the rewards.
Proof of Concept
The unclaimed reward that a user could claim is proportional to the
secondsInside
, which is, in fact, proportional to the position's liquidity. It is possible that the liquidity is too large and causessecondsInside
to be larger thansecondsUnclaimed
. As a result, the rewards that the user wants to claim exceed theincentive.rewardsUnclaimed
and causes an integer underflow error, which prevents him from getting the rewards.Referenced code: ConcentratedLiquidityPoolManager.sol#L94-L95
Recommended Mitigation Steps
Check whether the
rewards
exceeds theincentive.rewardsUnclaimed
. If so, then send onlyincentive.rewardsUnclaimed
amount of rewards to the user.