search

code-423n4 / 2023-05-ajna-findings

2 stars 0 forks source link

The design flaws have resulted in unfairness in the protocol. #436

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-core/src/RewardsManager.sol#L811-L821

Vulnerability details

Impact

Ordinary traders are not aware that the contract does not have sufficient ajna tokens when receiving rewards, resulting in partial loss of ajna. Smart traders will check the contract token balance before claiming rewards, which leads to unfairness.

Proof of Concept

if (rewardsEarned > ajnaBalance) rewardsEarned = ajnaBalance;

This logic will cause traders to lose part of their rewards.

Tools Used

vsCode Foundry

Recommended Mitigation Steps

Add a "debt" field to store debt information

mapping(address => uint256) internal debt;

Record every potential debt incurred.

function _transferAjnaRewards(uint256 rewardsEarned_) internal {
        // check that rewards earned isn't greater than remaining balance
        // if remaining balance is greater, set to remaining balance
        uint256 ajnaBalance = IERC20(ajnaToken).balanceOf(address(this));
        //@audit
        rewardsEarned_ = rewardsEarned_ + debt[msg.sender];
        if (rewardsEarned_ > ajnaBalance){
            debt[msg.sender] = rewardsEarned_ - ajnaBalance;
            rewardsEarned_ = ajnaBalance;
        } else {
            debt[msg.sender] = 0;
        }

        if (rewardsEarned_ != 0) {
            // transfer rewards to sender
            IERC20(ajnaToken).safeTransfer(msg.sender, rewardsEarned_);
        }
    }

Assessed type

Other

c4-judge commented 1 year ago

Picodes marked the issue as duplicate of #361

c4-judge commented 1 year ago

Picodes marked the issue as satisfactory