SALT is added to the RewardsEmitter for later distribution to the specified whitelisted pools, and only 1% per day of the pendingRewards is transferred to the pools.
When performUpkeep is called in RewardsEmitter.sol for the CollateralAndLiquidity, only the whitelisted pools will receive rewards. This becomes a problem once a pool gets unwhitelisted while it still has pendingRewards that weren't distributed yet. That SALT will just be stuck in the emitter and there won't be a way to withdraw it.
Impact
SALT gets stuck in the emitter and it can't be withdrawn by anyone.
Proof of Concept
100,000 SALT gets allocated to a pool so the pendingRewards = 100,000 SALT
This pool then gets unwhitelisted, so the 100k SALT was not distributed and is now just stuck in the emitter.

    if ( isForCollateralAndLiquidity ) {
        poolIDs = poolsConfig.whitelistedPools();
    }

As you can see in performUpkeep(), only whitelisted pools will receive their pending rewards.
Tools Used
Manual Review
Recommended Mitigation Steps
Add a function in the emitter to withdraw the SALT in cases like this.
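The accounting behind this finding and the suggested mitigation can be checked with a small model. This is an added example, not code from RewardsEmitter.sol: the class, the pool names and the recover() function are hypothetical, and the 1% per day rate is simplified to integer arithmetic.

```python
DAY = 86_400  # seconds in a day


class EmitterModel:
    """Simplified model of the emitter's bookkeeping (constructed for illustration)."""

    def __init__(self, whitelisted):
        self.whitelisted = set(whitelisted)
        self.pending = {}  # poolID -> SALT held by the emitter for that pool
        self.paid = {}     # poolID -> SALT already forwarded to the pool

    def add_rewards(self, pool, amount):
        self.pending[pool] = self.pending.get(pool, 0) + amount

    def perform_upkeep(self, elapsed):
        # Mirrors the quoted branch: only currently whitelisted pools are visited.
        for pool in sorted(self.whitelisted):
            balance = self.pending.get(pool, 0)
            amount = balance * elapsed // (DAY * 100)  # 1% of pending per day
            self.pending[pool] = balance - amount
            self.paid[pool] = self.paid.get(pool, 0) + amount

    def stranded(self):
        """Pending SALT owned by pools that upkeep will never visit again."""
        return {p: a for p, a in self.pending.items()
                if a and p not in self.whitelisted}

    def recover(self, pool):
        """Hypothetical mitigation: release the balance of an unwhitelisted pool."""
        if pool in self.whitelisted:
            raise ValueError("pool is still whitelisted")
        return self.pending.pop(pool, 0)


def scenario():
    # Constructed input matching the proof of concept: 100,000 SALT pending.
    emitter = EmitterModel(["poolA", "poolB"])
    emitter.add_rewards("poolA", 100_000)
    emitter.add_rewards("poolB", 100_000)
    emitter.whitelisted.discard("poolA")   # poolA gets unwhitelisted
    for _ in range(30):                    # 30 daily upkeeps
        emitter.perform_upkeep(DAY)
    stuck = emitter.stranded()             # poolA's balance never moved
    recovered = emitter.recover("poolA")   # mitigation frees it
    return stuck, recovered, emitter.stranded(), emitter.paid.get("poolB", 0)
```

A useful invariant when auditing the real contract is the same one stranded() checks: every non-zero pendingRewards entry must belong to a pool that upkeep still iterates over, or have an explicit withdrawal path.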
Lines of code
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/rewards/RewardsEmitter.sol#L94
Assessed type
Other