search

code-423n4 / 2023-06-reserve-findings

1 stars 0 forks source link

Loss of staking yield for stakers when another user stakes in pause/frozen state #43

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/reserve-protocol/protocol/blob/c4ec2473bbcb4831d62af55d275368e73e16b984/contracts/p1/StRSR.sol#L222-L232

Vulnerability details

Impact

Loss of staking yield for stakers when another user stakes in pause/frozen state.

Proof of Concept

Issue #148 from previous audit is present again. As i can see it was mitigated. But maybe after that new code changes were made, so this issue is present again.

Tools Used

VsCode

Recommended Mitigation Steps

In case if you can't call payoutRewards when frozen, then do not allow to call stake as well.

Assessed type

Error

c4-judge commented 1 year ago

0xean marked the issue as duplicate of #24

c4-judge commented 1 year ago

0xean marked the issue as satisfactory