Handle
hubble
Vulnerability details
Impact
After endRewardLock, when all receipt token holders claim their rewardTokens, there may still be some balance (or dust) of rewardTokens left, which will be non-claimable by anyone. The mismatch in balance is caused by the accuracy of the reward calculation and the virtualBalances used.
Proof of Concept
File: Locke.sol
Contract / Function: Stream / earned
Line: 469
function earned(TokenStream storage ts, uint256 currCumRewardPerToken) internal view returns (uint112) {
Contract / Function: Stream / rewardPerToken
Line: 343
function rewardPerToken() public view returns (uint256) {
Tools Used
Manual review
Recommended Mitigation Steps
Similar to function claimFees, the governance contract of the factory can send the balance (dust) of rewardTokens to the stream creator after checking that ts.rewards == 0 for all users.
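
The rounding behind the dust and the precondition of the recommended sweep, as an added Python model that is not code from Locke.sol. It assumes a generic cumulative reward-per-token accumulator with a constructed 10**18 scaling factor, leaves out virtualBalances, and every name in it is hypothetical.

```python
# Simplified model (assumption): generic reward-per-token accounting with
# integer division. Not Locke.sol code; names and numbers are constructed.
PRECISION = 10**18

class StreamModel:
    def __init__(self, reward_total, duration):
        self.reward_total = reward_total
        self.balance = reward_total          # reward tokens held by the stream
        self.duration = duration
        self.cum_rpt = 0                     # cumulative reward per token, scaled
        self.last_update = 0
        self.total_staked = 0
        self.stakes, self.paid, self.rewards = {}, {}, {}

    def _accrue(self, now, user):
        now = min(now, self.duration)
        if self.total_staked:
            elapsed = now - self.last_update
            # First truncation: reward per staked token is rounded down.
            self.cum_rpt += (elapsed * self.reward_total * PRECISION
                             // (self.duration * self.total_staked))
        self.last_update = now
        delta = self.cum_rpt - self.paid.get(user, 0)
        # Second truncation: each user's share is rounded down again.
        self.rewards[user] = (self.rewards.get(user, 0)
                              + self.stakes.get(user, 0) * delta // PRECISION)
        self.paid[user] = self.cum_rpt

    def stake(self, now, user, amount):
        self._accrue(now, user)
        self.stakes[user] = self.stakes.get(user, 0) + amount
        self.total_staked += amount

    def claim(self, now, user):
        self._accrue(now, user)
        owed, self.rewards[user] = self.rewards[user], 0
        self.balance -= owed
        return owed

    def sweep_dust(self, now):
        # Mitigation sketch: only after the end, and only if nobody is owed.
        if now < self.duration:
            raise RuntimeError("stream still running")
        for user in self.stakes:
            self._accrue(now, user)
        if any(self.rewards.values()):
            raise RuntimeError("unclaimed rewards remain")
        dust, self.balance = self.balance, 0
        return dust
```

With 1000 reward tokens over 10 time units, one staker holding 1 token from t=0 and a second holding 2 tokens from t=5, the claims are 666 and 333 and 1 token stays in the stream until sweep_dust releases it.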