Closed code423n4 closed 1 year ago
hansfriese marked the issue as primary issue
hansfriese marked the issue as satisfactory
hansfriese changed the severity to 2 (Med Risk)
hansfriese marked the issue as duplicate of #290
hansfriese marked the issue as not a duplicate
hansfriese marked the issue as duplicate of #280
hansfriese changed the severity to QA (Quality Assurance)
hansfriese marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2023-03-neotokyo/blob/dfa5887062e47e2d0c801ef33062d44c09f6f36e/contracts/staking/NeoTokyoStaker.sol#L1320
Vulnerability details
Impact
When a user calls `getReward` when claiming rewards for an Asset Type within a window, it will be reverted, thereby preventing the user(s) from claiming their total rewards.
Proof of Concept
The Bytes contract will call `claimReward` and thereafter, `getPoolReward` will calculate and return the rewards for the Asset types and the tax to be claimed by the DAO. It is important to note that within `getPoolReward`, if the `lastRewardTime` is less than the `window.startTime`, it calculates the `currentRewardRate`:
https://github.com/code-423n4/2023-03-neotokyo/blob/dfa5887062e47e2d0c801ef33062d44c09f6f36e/contracts/staking/NeoTokyoStaker.sol#L1320
But if the window is located at the 0th index and the user's last reward is to be assessed from the first window, it will revert since 0-1 is a negative number.
Tools Used
Manual Review
Recommended Mitigation Steps
Check whether the start time is set at the 0th index and account for it separately.
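
A simplified model of the index handling the report describes, as an added example that is not code from the report or from NeoTokyoStaker.sol. The contract, struct and function names are hypothetical; it assumes Solidity 0.8 checked arithmetic and windows sorted by start time, and returning a zero rate before the first window is only one possible way to account for index 0 separately.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hypothetical illustration only; not the NeoTokyoStaker implementation.
contract WindowRateLookup {
    struct RewardWindow {
        uint128 startTime; // timestamp at which this window becomes active
        uint128 reward;    // reward rate while this window is active
    }

    // Assumption: windows are stored in ascending startTime order.
    RewardWindow[] public windows;

    constructor(RewardWindow[] memory _windows) {
        for (uint256 i; i < _windows.length; ++i) {
            windows.push(_windows[i]);
        }
    }

    /// Unguarded form: the rate in force before windows[i] is read from
    /// windows[i - 1]. If the match happens at i == 0, the checked
    /// subtraction panics (0x11) and the whole call reverts.
    function rateBeforeUnguarded(uint256 lastRewardTime) external view returns (uint256) {
        uint256 n = windows.length;
        if (n == 0) return 0;
        for (uint256 i; i < n; ++i) {
            if (lastRewardTime < windows[i].startTime) {
                return windows[i - 1].reward;
            }
        }
        return windows[n - 1].reward;
    }

    /// Guarded form: index 0 is handled separately, so a lastRewardTime
    /// earlier than the first window yields a zero rate instead of a revert.
    function rateBeforeGuarded(uint256 lastRewardTime) external view returns (uint256) {
        uint256 n = windows.length;
        if (n == 0) return 0;
        for (uint256 i; i < n; ++i) {
            if (lastRewardTime < windows[i].startTime) {
                return i == 0 ? 0 : windows[i - 1].reward;
            }
        }
        return windows[n - 1].reward;
    }
}
```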