There is a _payoutRewards call to payout rewards before updating draftRSR(mint shares) in the cancelUnstake function after the mitigation:
_payoutRewards();
// ==== Transfer RSR from the draft pool
totalDrafts = newTotalDrafts;
draftRSR = newDraftRSR;
emit UnstakingCancelled(firstId, endId, draftEra, account, rsrAmount);
// Mint new stakes
mintStakes(account, rsrAmount);
Lines of code
Vulnerability details
Comments
There is a
_payoutRewards
call to payout rewards before updating draftRSR(mint shares) in thecancelUnstake
function after the mitigation: