code-423n4 / 2021-10-union-findings


`withdrawRewards` should send remaining balance #68

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

cmichel

Vulnerability details

If the Comptroller does not have enough rewards to pay out, no tokens at all are paid out as rewards. It could pay out the remaining balance.

Impact

This is an issue especially for users with high reward balances that might never get a payout if the token balance in the contract is always low and smaller rewards are paid out first.

Recommended Mitigation Steps

Pay out `unionToken.balanceOf(address(this))` in the else branch and set the `users[sender][token].accrued` balance to `amount - rewardBalance`.
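The all-or-nothing branch and the partial-payout mitigation side by side, as an added illustration; this is not the Union Comptroller's code, only a sketch of the two payout policies. The names `withdrawRewards`, `unionToken`, `users[sender][token].accrued`, `amount` and `rewardBalance` come from the finding; the `UserInfo` struct layout, the `IERC20` subset, the `RewardsPaid` event and the two function names are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed minimal token interface; only what the example needs.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Sketch of two reward-payout policies (example code, not the Union contract).
contract RewardPayoutSketch {
    struct UserInfo {
        uint256 accrued; // rewards earned but not yet paid (assumed field)
    }

    IERC20 public immutable unionToken;
    // users[staker][stakingToken]: assumed layout mirroring users[sender][token] in the finding
    mapping(address => mapping(address => UserInfo)) public users;

    event RewardsPaid(address indexed user, uint256 paid, uint256 stillOwed);

    constructor(IERC20 _unionToken) {
        unionToken = _unionToken;
    }

    // Vulnerable policy: if the contract balance is short of the full claim,
    // nothing is paid. A large claimant can wait forever while smaller claims
    // keep draining the balance ahead of it.
    function withdrawRewardsAllOrNothing(address token) external returns (uint256) {
        uint256 amount = users[msg.sender][token].accrued;
        uint256 rewardBalance = unionToken.balanceOf(address(this));
        if (amount > 0 && amount <= rewardBalance) {
            users[msg.sender][token].accrued = 0; // effects before interaction
            require(unionToken.transfer(msg.sender, amount), "transfer failed");
            emit RewardsPaid(msg.sender, amount, 0);
            return amount;
        }
        // else branch: nothing paid, accrued balance unchanged
        emit RewardsPaid(msg.sender, 0, amount);
        return 0;
    }

    // Mitigated policy: pay whatever is available and carry the shortfall
    // forward as remaining accrued debt, so every claimant makes progress.
    function withdrawRewardsPartial(address token) external returns (uint256) {
        uint256 amount = users[msg.sender][token].accrued;
        uint256 rewardBalance = unionToken.balanceOf(address(this));
        uint256 paid;
        if (amount <= rewardBalance) {
            paid = amount;
            users[msg.sender][token].accrued = 0;
        } else {
            paid = rewardBalance;
            // remaining debt stays on the books for the next claim
            users[msg.sender][token].accrued = amount - rewardBalance;
        }
        if (paid > 0) {
            require(unionToken.transfer(msg.sender, paid), "transfer failed");
        }
        emit RewardsPaid(msg.sender, paid, amount - paid);
        return paid;
    }
}
```

In both variants the accrued balance is updated before the external `transfer` call, so a reentrant token cannot replay a claim; the partial variant additionally records the shortfall on-chain, which makes a persistently underfunded contract visible through the `stillOwed` value in the emitted event.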

GalloDaSballo commented 3 years ago

Agree with the finding, this may cause a loss of yield for the rewards, severity seems fine given the conditions