Detailed description of the impact of this finding.
description: The identified vulnerability stems from the potential for an attacker to engage in front-running within the _checkpointGlobalReward function of the staking contract. By monitoring the blockchain for transactions calling the receiveRewards function and placing a high gas fee transaction to deposit a substantial amount of tokens just before the receiveRewards transaction is confirmed, the attacker can manipulate the rewardPerTokenAccumulatedCheckpoint and lastCheckpointTime to reflect the inflated token amount. Consequently, when the receiveRewards transaction is processed, rewards are calculated and distributed based on this inflated stake, allowing the attacker to claim a disproportionate share of the rewards upon withdrawal. This manipulation effectively allows the attacker to extract miner-extractable value (MEV) and constitutes theft of unclaimed yield, severely impacting the fairness of reward distribution and resulting in financial losses for honest stakers.
Finding Recommendation:
To address this vulnerability and prevent front-running attacks on the rewards distribution mechanism, it is recommended to implement safeguards such as:
Implementing a delay or lockup period before rewards can be claimed after a deposit is made to prevent attackers from quickly withdrawing their funds and rewards.
Implementing a cap on the amount of rewards that can be claimed based on the duration of staking, to prevent disproportionately large rewards for short staking periods.
Using secure timestamping techniques or oracle verification to ensure the accuracy of reward calculations and prevent manipulation of timing.
Auditing the contract code to identify and address any other potential vulnerabilities that could be exploited in a similar manner.
By implementing these safeguards, the contract can mitigate the risk of MEV extraction through front-running attacks and ensure a fair distribution of rewards to all stakers.
Lines of code
https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L753-L756
Vulnerability details
Impact
Detailed description of the impact of this finding. description: The identified vulnerability stems from the potential for an attacker to engage in front-running within the _checkpointGlobalReward function of the staking contract. By monitoring the blockchain for transactions calling the receiveRewards function and placing a high gas fee transaction to deposit a substantial amount of tokens just before the receiveRewards transaction is confirmed, the attacker can manipulate the rewardPerTokenAccumulatedCheckpoint and lastCheckpointTime to reflect the inflated token amount. Consequently, when the receiveRewards transaction is processed, rewards are calculated and distributed based on this inflated stake, allowing the attacker to claim a disproportionate share of the rewards upon withdrawal. This manipulation effectively allows the attacker to extract miner-extractable value (MEV) and constitutes theft of unclaimed yield, severely impacting the fairness of reward distribution and resulting in financial losses for honest stakers.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L753-L756
Tools Used
Recommended Mitigation Steps
Finding Recommendation: To address this vulnerability and prevent front-running attacks on the rewards distribution mechanism, it is recommended to implement safeguards such as:
By implementing these safeguards, the contract can mitigate the risk of MEV extraction through front-running attacks and ensure a fair distribution of rewards to all stakers.
Assessed type
MEV
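A toy model of the scenario and of the duration-based safeguard recommended above, as an added example (not code from UniStaker or from this report). The Pool class, the stake and reward amounts, and the 30-day streaming window are constructed assumptions; it compares what a deposit placed just before a reward can collect when the reward is credited instantly versus accrued per second of staking.

```python
SCALE = 10**18  # fixed-point scale for the reward-per-token accumulator

class Pool:
    """Hypothetical staking pool; duration=0 credits a reward instantly."""
    def __init__(self, duration):
        self.duration = duration
        self.total = self.rpt = self.rate = self.end = self.last = 0
        self.stake, self.paid, self.earned = {}, {}, {}

    def _checkpoint(self, now, user=None):
        t = min(now, self.end)                      # rewards stop accruing at end
        if self.total and t > self.last:
            self.rpt += self.rate * (t - self.last) // self.total
        self.last = max(self.last, t)
        if user is not None:                        # settle this user's accrual
            delta = self.rpt - self.paid.get(user, 0)
            owed = self.stake.get(user, 0) * delta // SCALE
            self.earned[user] = self.earned.get(user, 0) + owed
            self.paid[user] = self.rpt

    def deposit(self, now, user, amount):
        self._checkpoint(now, user)
        self.stake[user] = self.stake.get(user, 0) + amount
        self.total += amount

    def withdraw_all(self, now, user):
        self._checkpoint(now, user)
        self.total -= self.stake.pop(user, 0)
        return self.earned.pop(user, 0)

    def notify_reward(self, now, amount):
        self._checkpoint(now)
        if self.duration == 0:                      # instant pro-rata credit
            self.rpt += amount * SCALE // self.total
        else:                                       # stream over the window
            self.rate = amount * SCALE // self.duration
            self.end = now + self.duration
        self.last = now

def late_depositor_reward(duration, hold_seconds):
    """Reward collected by a deposit made in the same second as the reward."""
    pool, t = Pool(duration), 1_000_000             # constructed sample values
    pool.deposit(0, "honest", 1_000)
    pool.deposit(t, "late", 9_000)                  # ordered just before the reward
    pool.notify_reward(t, 30_000)
    return pool.withdraw_all(t + hold_seconds, "late")

THIRTY_DAYS = 30 * 24 * 3600
```

In this model the late deposit collects 27,000 of 30,000 under instant crediting after holding one second, and nothing under streaming unless it stays staked through the window, which is the effect the staking-duration recommendation aims for.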