function getReward(address stakeToken) public updateReward(stakeToken, msg.sender) checkStart(stakeToken) {
    uint256 reward = rewards[stakeToken][msg.sender].rewards;
    if (reward > 0) {
        rewards[stakeToken][msg.sender].rewards = 0;
        oleToken.safeTransfer(msg.sender, reward);
        emit RewardPaid(stakeToken, msg.sender, reward);
    }
}
As we can see, if the user's reward is 500 and the contract has only 499 rewards left, then no reward will be transferred to the user. The user is blocked until the contract adds more rewards. Instead, the contract could have at least transferred 499 rewards and kept 1 as leftover reward in rewards[stakeToken][msg.sender].rewards.
Recommended Mitigation Steps
If the reward balance is less than the user's reward, the contract must transfer whatever amount is left in the contract, and the rest can be recorded in the user's leftover rewards.
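One way to implement the partial payout recommended above, as an added example that is not OpenLeverage's code. Assumptions: the reward record is flattened to a plain mapping, `owner` and `setRewardForDemo` are hypothetical helpers standing in for the original accrual logic, a minimal `IERC20` replaces `safeTransfer`, and the contract's `oleToken` balance holds only reward funds (if staked tokens of the same type sit in the contract, the available amount must be tracked separately).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration only; names follow the getReward snippet where possible.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract PartialRewardPayout {
    IERC20 public immutable oleToken;
    address public immutable owner;
    // stakeToken => user => reward still owed (simplified from the original struct)
    mapping(address => mapping(address => uint256)) public rewards;

    event RewardPaid(address indexed stakeToken, address indexed user, uint256 reward);

    constructor(IERC20 _oleToken) {
        oleToken = _oleToken;
        owner = msg.sender;
    }

    // Hypothetical stand-in for updateReward/checkStart accrual in the original.
    function setRewardForDemo(address stakeToken, address user, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        rewards[stakeToken][user] = amount;
    }

    function getReward(address stakeToken) external {
        uint256 owed = rewards[stakeToken][msg.sender];
        if (owed == 0) return;

        // Pay what the contract can cover: e.g. owed 500, balance 499 -> pay 499.
        uint256 available = oleToken.balanceOf(address(this));
        uint256 payout = owed < available ? owed : available;
        if (payout == 0) return;

        // Effects before interaction: the unpaid remainder stays on the books
        // (1 in the example above) and can be claimed after a top-up.
        rewards[stakeToken][msg.sender] = owed - payout;
        require(oleToken.transfer(msg.sender, payout), "transfer failed");
        emit RewardPaid(stakeToken, msg.sender, payout);
    }
}
```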
Handle
csanuragjain
Vulnerability details
Impact
If the contract does not have enough reward tokens, the user's full reward is stuck. There is no provision for partial reward payment.
Proof of Concept
Navigate to https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/farming/FarmingPools.sol
Observe the getReward function