c4-judge
commented
1 year ago 0xean marked the issue as satisfactory
Open code423n4 opened 1 year ago
c4-judge
commented
1 year ago 0xean marked the issue as satisfactory
c4-judge
commented
1 year ago 0xean marked the issue as confirmed for report
Lines of code
Vulnerability details
This issue is mitigated.
Explanation of found problem
StRSR allows user unstake RSR. Later, user can cancel this request by calling
cancelUnstakefunction. Because this function doesn't pay rewards before minting shares, that means that wrong exchange rate will be used and initiator ofcancelUnstakewill receive more shares, then he should and as result other stakers will lose part of rewards as they were not distributed before canceling.How it was fixed
Reserve team fixed this issue, be calling
_payoutRewardsfunction, before minting new shares. So now exchange rate is up to date.