code-423n4 / 2024-01-salty-findings


When the pool is unwhitelisted the SALT in the emitter is stuck #1001

Open c4-bot-4 opened 5 months ago

c4-bot-4 commented 5 months ago

Lines of code

https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/rewards/RewardsEmitter.sol#L94

Vulnerability details

SALT is added to the RewardsEmitter for later distribution to the specified whitelisted pools and only 1% per day of the pendingRewards are transferred to the pools.

When performUpkeep is called in the RewardsEmitter.sol for the CollateralAndLiquidity, only the whitelisted pools will receive rewards. This will be a problem once the pool gets unwhitelisted and has pendingRewards that weren't distributed yet. SALT will just be stuck in the emitter and there won't be a way to withdraw it.

Impact

SALT gets stuck in the emitter and it can't be withdrawn by anyone.

Proof of Concept

100,000 SALT gets allocated to a pool so the pendingRewards = 100,000 SALT

This pool then gets unwhitelisted and 100k SALT was not distributed and is now just stuck in the emitter.

if ( isForCollateralAndLiquidity ) {
    poolIDs = poolsConfig.whitelistedPools();
}

As you can see in performUpkeep(), only whitelisted pools will receive their pending rewards.

Tools Used

Manual Review

Recommended Mitigation Steps

Add a function in the emitter to withdraw the SALT in cases like this.

Assessed type

Other
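The accounting described in the report above, as an added Python model that is not part of the original submission and not the project's contract code. The class, the pool names and `withdraw_stranded` (the report's proposed mitigation) are hypothetical; the 1% daily rate and the 100,000 SALT figure come from the report.

```python
# Simplified model of the emitter accounting (constructed; not the Salty contract).
# Amounts are whole SALT; pool names are made-up sample values.
DAILY_PERCENT = 1  # report: 1% of pendingRewards is transferred per day


class EmitterModel:
    def __init__(self):
        self.pending = {}         # poolID -> SALT still held by the emitter
        self.whitelisted = set()  # stands in for poolsConfig.whitelistedPools()
        self.paid = {}            # poolID -> SALT already sent to the pool

    def add_rewards(self, pool_id, amount):
        self.pending[pool_id] = self.pending.get(pool_id, 0) + amount

    def perform_upkeep(self, days=1):
        # Only pools whitelisted at call time are visited, as in the quoted snippet.
        for _ in range(days):
            for pool_id in self.whitelisted:
                out = self.pending.get(pool_id, 0) * DAILY_PERCENT // 100
                self.pending[pool_id] = self.pending.get(pool_id, 0) - out
                self.paid[pool_id] = self.paid.get(pool_id, 0) + out

    def stranded(self):
        # Non-zero balances that no upkeep call will reach any more.
        return {p: a for p, a in self.pending.items()
                if a > 0 and p not in self.whitelisted}

    def withdraw_stranded(self, pool_id):
        # Hypothetical mitigation: recover the balance of an unwhitelisted pool.
        if pool_id in self.whitelisted:
            raise ValueError("pool is still whitelisted")
        return self.pending.pop(pool_id, 0)


def scenario():
    e = EmitterModel()
    e.whitelisted = {"POOL_A", "POOL_B"}
    e.add_rewards("POOL_A", 100_000)
    e.add_rewards("POOL_B", 100_000)
    e.perform_upkeep(days=1)         # each pool receives 1,000 SALT
    e.whitelisted.discard("POOL_A")  # POOL_A is unwhitelisted
    e.perform_upkeep(days=10)        # only POOL_B keeps draining
    stuck = e.stranded()
    recovered = e.withdraw_stranded("POOL_A")
    return e.paid["POOL_A"], stuck, recovered, e.stranded(), e.pending["POOL_B"]
```
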

c4-judge commented 5 months ago

Picodes marked the issue as duplicate of #635

c4-judge commented 4 months ago

Picodes changed the severity to QA (Quality Assurance)

c4-judge commented 4 months ago

Picodes marked the issue as grade-b