code-423n4 / 2023-05-ajna-findings


The reward will never be transferred when the RewardsManager has no reward tokens, and users will lose the reward tokens. #378

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-core/src/RewardsManager.sol#L813-L815

Vulnerability details

Impact

Users cannot claim the reward tokens which they have to earn when the RewardsManager has no or fewer reward tokens.

Proof of Concept

In the test for the RewardsManager, the reward token is distributed in the following line: https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-core/tests/forge/unit/Rewards/RewardsDSTestPlus.sol#L270. I guess the team must transfer the reward tokens again when there are not enough reward tokens in the contract after claims by users.

It is possible that, after repeated claims, the RewardsManager has fewer reward tokens than users can claim, or none at all. When users try to claim the reward tokens in this situation, they will have fewer reward tokens than they can earn because of the following lines: https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-core/src/RewardsManager.sol#L813-L815

Tools Used

Recommended Mitigation Steps

For example, the transaction must be reverted when the contract does not have enough reward tokens. Or the RewardsManager will store the pending reward tokens of users as a state variable, and users can claim later when the contract has enough reward tokens again.

Assessed type

Token-Transfer
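A sketch of the payout behaviour this report describes next to the two mitigations it recommends, added here as an example and not code from the Ajna repository. The contract `RewardPayoutSketch`, its function names, the `pendingRewards` mapping and the custom error are hypothetical, and the capped transfer is modelled from the report's description rather than copied from `RewardsManager.sol`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.14;

// Minimal token interface: only the two calls this sketch needs.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical contract for illustration; names are not taken from RewardsManager.sol.
contract RewardPayoutSketch {
    IERC20 public immutable rewardToken;
    // Rewards earned but not yet paid, per user (used by the second mitigation).
    mapping(address => uint256) public pendingRewards;

    error InsufficientRewardBalance(uint256 owed, uint256 available);

    constructor(IERC20 rewardToken_) {
        rewardToken = rewardToken_;
    }

    // Behaviour described in the report: the payout is silently capped at the
    // contract balance and the shortfall is recorded nowhere, so it is lost.
    function _payCapped(address user, uint256 earned) internal {
        uint256 balance = rewardToken.balanceOf(address(this));
        if (earned > balance) earned = balance;
        if (earned != 0) require(rewardToken.transfer(user, earned), "transfer failed");
    }

    // Mitigation 1: revert. The whole claim transaction rolls back, so the user
    // can claim the full amount once the contract has been funded again.
    function _payOrRevert(address user, uint256 earned) internal {
        uint256 balance = rewardToken.balanceOf(address(this));
        if (earned > balance) revert InsufficientRewardBalance(earned, balance);
        if (earned != 0) require(rewardToken.transfer(user, earned), "transfer failed");
    }

    // Mitigation 2: pay what is available and carry the remainder as a
    // per-user debt that is added to the next payout.
    function _payOrDefer(address user, uint256 earned) internal {
        uint256 owed = pendingRewards[user] + earned;
        uint256 balance = rewardToken.balanceOf(address(this));
        uint256 amount = owed > balance ? balance : owed;
        pendingRewards[user] = owed - amount; // state updated before the external call
        if (amount != 0) require(rewardToken.transfer(user, amount), "transfer failed");
    }
}
```

With the deferred variant, the sum of all `pendingRewards` entries is the amount by which the contract is underfunded, which gives operators a value to monitor before topping it up.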

c4-judge commented 1 year ago

Picodes marked the issue as duplicate of #361

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory