search

code-423n4 / 2023-05-ajna-findings

2 stars 0 forks source link

Ajna Rewards Might Be Lost #307

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-core/src/RewardsManager.sol#L814-L819

Vulnerability details

Impact

USer's reward earned in AJNA tokens might be lost if balance of AJNA tokens in the contract is not enough.

Proof of Concept

1.) Let's assume Alice's rewardsEarned_ are 100 and contract's balance of AJNA tokens is 80.

2.) Alice calls claimRewards https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-core/src/RewardsManager.sol#L114 . The function calls the function _claimRewards

3.) The function calculates rewards earned and then calls _calculateAndClaimRewards which updates the isEpochClaimed to true https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-core/src/RewardsManager.sol#L412

4.) Then at https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-core/src/RewardsManager.sol#L596 we call _transferAjnaRewards(rewardsEarned); but since only 80 AJNA is there in the contract , Alice gets 80.

5.) Alice calls claimRewards again in future to get remaining 20. Since https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-core/src/RewardsManager.sol#L122 the mapping is set to true at step 3 , it would revert and Alice is unable to claim remaining 20 tokens.

Tools Used

Manual analysis

Recommended Mitigation Steps

Ensure that remaining tokens can be redeemed , only update the mapping if there are enough AJNA in the contract as many as the rewards for the users.

Assessed type

Invalid Validation

c4-judge commented 1 year ago

Picodes marked the issue as duplicate of #361

c4-judge commented 1 year ago

Picodes changed the severity to 3 (High Risk)

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory