Closed c4-bot-1 closed 7 months ago
User self-harm and requires malicious reward notifier.
Misbehaving reward notifier, OOS see README:
Publicly Known Issues
- A misbehaving reward notifier contract could grief stakers by frequently notifying this contract of tiny rewards, thereby continuously stretching out the time duration over which real rewards are distributed. It is required that reward notifiers supply reasonable rewards at reasonable intervals.
- A misbehaving reward notifier contract could falsely notify this contract of rewards that were not actually distributed, creating a shortfall for those claiming their rewards after others. It is required that a notifier contract always transfers the _amount to this contract before calling this method.
MarioPoneder marked the issue as unsatisfactory: Insufficient quality
Lines of code
https://github.com/code-423n4/2024-02-uniswap-foundation/blob/491c7f63e5799d95a181be4a978b2f074dc219a5/src/UniStaker.sol#L271
Vulnerability details
Impact
In UniStaker.sol the stake function allows users to set any beneficiary to receive rewards. If the receiver of rewards is the UniStaker contract, then that fraction of rewards will be locked permanently in the contract. The primary impact is that this can lock funds permanently in the protocol, cheating users out of significant future earnings, dependent on the economic power of the attacker. The secondary impact is that this could incentivise degenerate cases (as already known) in false reward distribution, as the locked reward token balance will inflate at a rapid rate as more rewards are distributed into the protocol. At this point only a single false reward notification is required to leave the protocol insolvent.
Proof of Concept
As can be seen from the console logs
An attacker with 50% economic power will lock 50% of the reward token received permanently in the protocol, meaning other users stand to lose 50% of their rewards permanently for the rest of the protocol's lifetime.
This could also supplement further reward distribution abuse due to the line
which could lead to an insolvent protocol due to false reward representation; however, this is not in scope for the concept.
Tools Used
forge
Recommended Mitigation Steps
I would recommend that users be prevented from staking to the uniStaker contract.
Assessed type
Uniswap
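The self-beneficiary lock described in the report, modelled in Python as an added example (not UniStaker's code and not the warden's forge PoC): a toy pro-rata reward ledger in which the attacker names the contract itself as beneficiary, so that share of every reward becomes unclaimable, together with the recommended stake-time check that rejects it. MiniStaker, CONTRACT and the scaled reward_per_token accumulator are assumptions of this model.

```python
SCALE = 10**18
CONTRACT = "UniStaker"  # constructed stand-in for address(this)

class MiniStaker:
    """Toy pro-rata reward ledger (assumed model, not UniStaker's code)."""
    def __init__(self, reject_self_beneficiary=False):
        self.reject_self_beneficiary = reject_self_beneficiary
        self.total_staked = 0
        self.reward_per_token = 0  # cumulative, scaled by SCALE
        self.reward_balance = 0    # reward tokens held by the contract
        self.power, self.checkpoint, self.unclaimed = {}, {}, {}  # keyed by beneficiary

    def _update(self, b):
        delta = self.reward_per_token - self.checkpoint.get(b, 0)
        self.unclaimed[b] = self.unclaimed.get(b, 0) + self.power.get(b, 0) * delta // SCALE
        self.checkpoint[b] = self.reward_per_token

    def stake(self, amount, beneficiary):
        # recommended mitigation: refuse the contract's own address as beneficiary
        if self.reject_self_beneficiary and beneficiary == CONTRACT:
            raise ValueError("beneficiary must not be the staking contract itself")
        self._update(beneficiary)
        self.power[beneficiary] = self.power.get(beneficiary, 0) + amount
        self.total_staked += amount

    def notify_reward(self, amount):
        # honest notifier: tokens arrive before the notification (README quote above)
        self.reward_balance += amount
        self.reward_per_token += amount * SCALE // self.total_staked

    def claim(self, beneficiary):
        if beneficiary == CONTRACT:  # no path for the contract to claim its own share
            return 0
        self._update(beneficiary)
        owed = self.unclaimed.pop(beneficiary, 0)
        self.reward_balance -= owed
        return owed

    def locked_rewards(self):
        self._update(CONTRACT)
        return self.unclaimed.get(CONTRACT, 0)

def scenario(attacker_share_pct=50, reward=1_000):
    """Returns (honest user's claim, rewards stuck in the contract, balance left)."""
    s = MiniStaker()
    s.stake(100 - attacker_share_pct, beneficiary="honest")
    s.stake(attacker_share_pct, beneficiary=CONTRACT)  # attacker names the contract
    s.notify_reward(reward)
    return s.claim("honest"), s.locked_rewards(), s.reward_balance
```

With the attacker holding half the stake, half of every notified reward stays in the contract with no claimant, which is the 50% figure in the report.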