Open code423n4 opened 1 year ago
JeffCX marked the issue as duplicate of #161
0xean marked the issue as satisfactory
0xean changed the severity to 2 (Med Risk)
0xean marked the issue as selected for report
LybraFinance marked the issue as sponsor acknowledged
Lines of code
https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/miner/ProtocolRewardsPool.sol#L196
Vulnerability details
Impact
If ProtocolRewardsPool is insufficient in EUSD, but has enough PeUSD to give rewards it still reverts, due to wrong if() statement, thus it is unable to send the rewards to users.
Proof of Concept
Users have just emptied ProtocolRewardsPool out of EUSD, by claiming rewards with getReward. Now the protocol has a new distribution of PeUSD tokens, with LybraConfigurator.distributeRewards, but when users try to claim their rewards getReward reverts because of this:
Because of the constant revert users are not able to claim their rewards and need to wait for EUSD distribution. The other bad thing is that the PeUSD is unclaimable to most extent.
Again because of the line below, if:
UserA tries to claim his rewards, that are 100e18 in rewards tokens.
Now PeUSD is un-claimable and remains in the contract.
Foundry PoC
Tools Used
Manual Review
Recommended Mitigation Steps
Update the if as:
Assessed type
Math