code-423n4 / 2023-05-ajna-findings


`RewardsManager.sol` contract, if the `bucketExchangeRates` of an epoch is not updated, all users will lose the rewards of that epoch #347

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-core/src/RewardsManager.sol#L495

Vulnerability details

Impact

File: RewardsManager.sol

```solidity
    function _updateBucketExchangeRates(
        address pool_,
        uint256[] memory indexes_
    ) internal returns (uint256 updatedRewards_) {
        // get the current burn epoch from the given pool
        uint256 curBurnEpoch = IPool(pool_).currentBurnEpoch();
```

The `_updateBucketExchangeRates` function can only update the ExchangeRate of the current epoch.

File: RewardsManager.sol

```solidity
    function _updateBucketExchangeRateAndCalculateRewards(
        address pool_,
        uint256 bucketIndex_,
        uint256 burnEpoch_,
        uint256 totalBurned_,
        uint256 interestEarned_
    ) internal returns (uint256 rewards_) {
        uint256 burnExchangeRate = bucketExchangeRates[pool_][bucketIndex_][burnEpoch_];

        // update bucket exchange rate at epoch only if it wasn't previously updated
        if (burnExchangeRate == 0) {
            // --skip--
        }
    }
```

When the ExchangeRate of an epoch is 0, the reward of this epoch will not be calculated. The rewards of all users of this epoch will be lost.

Proof of Concept

If the `bucketExchangeRates` of an epoch is not updated, all users will lose the rewards of that epoch.

Tools Used

Manual review

Recommended Mitigation Steps

It is recommended that the reward can be calculated even when an epoch has not been updated.

Assessed type

Other

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Insufficient quality