QA Report

[code423n4]

It can be seen as an edge case when the reward to notify via the BaseRewardPool is lower than the seconds in a week, It won't likely happen with a reward token with 18 decimals, instead with a 6 decimals token, like the sanUSDC_EUR LP token collected from the angle FeeDistributor contract, this scenario could be present in the first week/s when the ANGLE locked amount could be really low.

function notifyRewardAmount(uint256 reward) internal updateReward(address(0)) {
        historicalRewards = historicalRewards.add(reward);
        if (block.timestamp >= periodFinish) {
            rewardRate = reward.div(duration);
        } else {
            uint256 remaining = periodFinish.sub(block.timestamp);
            uint256 leftover = remaining.mul(rewardRate);
            reward = reward.add(leftover);
            rewardRate = reward.div(duration);
        }
        currentRewards = reward;
        lastUpdateTime = block.timestamp;
        periodFinish = block.timestamp.add(duration);
        emit RewardAdded(reward);
    }

Within the notifyRewardAmount when it calculated the rewardRate, if the reward is < duration the rewardRate should be equal to 0, and the reward would be lost. It can happen, for example with a 6 decimals tokens, when the reward to notify is < 0.604800 (604800 seconds in a week). It could happen if the reward would be notified to the BaseRewardPool. This pool can support reward token with any decimal, but keep in mind that maybe other reward pool contract could be adapted to support reward token with decimals different than 18.

[JeeberC4]

Warden submitted multiple QA Reports. Will not be judged.