Closed code423n4 closed 1 year ago
trust1995 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-05-maia/blob/cfed0dfa3bebdac0993b1b42239b4944eb0b196c/src/rewards/rewards/FlywheelGaugeRewards.sol#L234
Vulnerability details
Impact
Reward claimers can call the get accrued reward function multiple times and maybe even drain the contract
Proof of Concept
As we can see there’s no check setting the accrued reward to zero after the rewards have been transferred
Tools Used
Manual review
Recommended Mitigation Steps
Add a setter that sets the reward to zero after the function has been called
Assessed type
Reentrancy