code-423n4 / 2023-03-mute-findings


Upgraded Q -> 2 from #17 [1681332048307] #50

Closed c4-judge closed 1 year ago

c4-judge commented 1 year ago

Judge has assessed an item in Issue #17 as 2 risk. The relevant finding follows:

[L-07] First user that stakes again after a period without stakers receives too many rewards

The MuteAmplifier contract pays out rewards on a per second basis. Let's assume there is only 1 staker which is Bob.

Say Bob calls stake at timestamp 0 and calls withdraw at timestamp 10. He receives rewards for 10 seconds of staking.

At timestamp 30 Bob calls stake again (there were no stakers from timestamp 10 to timestamp 30). If Bob calls withdraw at say timestamp 40, he receives not only rewards for the 10 seconds he has staked but for 30 seconds (timestamp 10 to timestamp 40).

This means that whenever there are temporarily no stakers, whoever first stakes again receives all the rewards from the previous period without stakers.

This is due to how the update modifier works.

When someone stakes and there were no other stakers, the if block is not entered and the _mostRecentValueCalcTime variable is not updated.

So when the update modifier is executed again the staker also receives the rewards from the period when there were no stakers.

I just want to make the sponsor aware of this behavior. The sponsor may decide that this is unintended and needs to change. I think this might even be a beneficial behavior because it incentivises users to stake if there are no stakers because they will get more rewards.
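The accounting described in the finding above, as an added Python model that is not part of the original report and is not MuteAmplifier code. The class `RewardPool`, the flag `skip_idle_time`, the constant rate of 1 reward per second and the stake size of 100 are assumptions for illustration; `skip_idle_time=True` shows one possible change in which seconds without stakers are never paid out.

```python
from fractions import Fraction

class RewardPool:
    """Simplified per-second reward accounting (a model, not the contract's code)."""

    def __init__(self, rate_per_second, skip_idle_time):
        self.rate = rate_per_second           # rewards emitted per second (assumed constant)
        self.skip_idle_time = skip_idle_time  # True = variant that does not pay idle seconds
        self.total_stake = 0
        self.most_recent_calc_time = 0        # stands in for _mostRecentValueCalcTime
        self.reward_per_token = Fraction(0)
        self.stakes = {}                      # user -> (amount, reward_per_token at entry)

    def _update(self, now):
        # As described in the finding: the accrual block only runs with stakers present.
        if self.total_stake > 0:
            elapsed = now - self.most_recent_calc_time
            self.reward_per_token += Fraction(elapsed * self.rate, self.total_stake)
            self.most_recent_calc_time = now
        elif self.skip_idle_time:
            # Variant: advance the clock so the idle period is excluded from later payouts.
            self.most_recent_calc_time = now

    def stake(self, user, amount, now):
        self._update(now)  # runs before the new stake is counted, like a modifier
        self.stakes[user] = (amount, self.reward_per_token)
        self.total_stake += amount

    def withdraw(self, user, now):
        self._update(now)
        amount, entry = self.stakes.pop(user)
        self.total_stake -= amount
        return amount * (self.reward_per_token - entry)

def bob_scenario(skip_idle_time):
    """Bob's timeline from the finding: stake at 0, withdraw at 10, stake at 30, withdraw at 40."""
    pool = RewardPool(rate_per_second=1, skip_idle_time=skip_idle_time)
    pool.stake("bob", 100, now=0)
    first = pool.withdraw("bob", now=10)
    pool.stake("bob", 100, now=30)
    second = pool.withdraw("bob", now=40)
    return first, second

if __name__ == "__main__":
    print("as described:     ", bob_scenario(skip_idle_time=False))
    print("idle time skipped:", bob_scenario(skip_idle_time=True))
```
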

c4-judge commented 1 year ago

Picodes marked the issue as duplicate of #41

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory