Rebasing tokens make balanceOf modifications arbitrarily (e.g: Aave share tokens).
If such token is used in an escrow, the balance could become insufficient at the time of claiming rewards, making it impossible to claim rewards for that escrow.
Impact
Medium
Proof Of Concept
The claimable amount is computed, and the MultiRewardEscrow then tries to transfer it to escrow.account.
Lines of code
https://github.com/code-423n4/2023-01-popcorn/blob/d95fc31449c260901811196d617366d6352258cd/src/utils/MultiRewardEscrow.sol#L165
Vulnerability details
Rebasing tokens make
balanceOf
modifications arbitrarily (e.g: Aave share tokens).If such token is used in an escrow, the balance could become insufficient at the time of claiming rewards, making it impossible to claim rewards for that escrow.
Impact
Medium
Proof Of Concept
The
claimable
amount is computed, and theMultiRewardEscrow
then tries to transfer it toescrow.account
.If rebasing makes it so that
escrow.token.balanceOf(address(this)) < claimable
, the call would revert, lockingescrow.token
inMultiRewardEscrow
.Tools Used
Manual Analysis
Mitigation
You can add an
amount
parameter toclaimRewards
, so that users can specify how much they want to claim.