There is uninitialized storage variables, specifically, the rewardsClaimed variable, which is being used in the _calculateNextEpochRewards function without being initialized. This vulnerability could cause unexpected behavior, such as incorrect calculations or manipulation of data. The impact of the vulnerability depends on the specific smart contract and the importance of the affected variable to the contract's functionality.
In this particular smart contract, the rewardsClaimed variable is used to calculate the amount of rewards that have been accumulated by a staked NFT in the next epoch. If rewardsClaimed is not initialized, the calculated rewards could be incorrect, which could potentially result in a loss of funds for the user.
Lines of code
https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/RewardsManager.sol#L426-L464 https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/RewardsManager.sol#L435 https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-core/src/RewardsManager.sol#L435
Vulnerability details
Impact
There is uninitialized storage variables, specifically, the
rewardsClaimed
variable, which is being used in the_calculateNextEpochRewards
function without being initialized. This vulnerability could cause unexpected behavior, such as incorrect calculations or manipulation of data. The impact of the vulnerability depends on the specific smart contract and the importance of the affected variable to the contract's functionality.In this particular smart contract, the
rewardsClaimed
variable is used to calculate the amount of rewards that have been accumulated by a staked NFT in the next epoch. IfrewardsClaimed
is not initialized, the calculated rewards could be incorrect, which could potentially result in a loss of funds for the user.Proof of Concept
The vulnerable code is located in the _calculateNextEpochRewards function of the smart contract.
As you can see, the claimedRewardsInNextEpoch variable is being assigned to the value of rewardsClaimed[nextEpoch], which could cause unexpected behavior if rewardsClaimed is not initialized.
Tools Used
vscode
Recommended Mitigation Steps
The
rewardsClaimed
variable in the smart contract, either by setting it to a default value or by setting it to a value provided by the user.Assessed type
DoS