Closed c4-bot-10 closed 7 months ago
Misbehaving reward notifier, OOS see README:
Publicly Known Issues
- A misbehaving reward notifier contract could grief stakers by frequently notifying this contract of tiny rewards, thereby continuously stretching out the time duration over which real rewards are distributed. It is required that reward notifiers supply reasonable rewards at reasonable intervals.
- A misbehaving reward notifier contract could falsely notify this contract of rewards that were not actually distributed, creating a shortfall for those claiming their rewards after others. It is required that a notifier contract always transfers the _amount to this contract before calling this method.
MarioPoneder marked the issue as unsatisfactory: Out of scope
Lines of code
https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L570-L582 https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L188
Vulnerability details
Impact
When a reward notifier, with the intent to renew rewards, calls UniStaker.notifyRewardAmount() with a zero amount while the timestamp is greater than the previous rewardEndTime, the scaledRewardRate is set to 0. With this, the rewardPerTokenAccumulatedCheckpoint will remain the same during checkpoints until the notifyRewardAmount() function is called again with a valid amount.
Proof of Concept
https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/UniStaker.sol#L570-L582
Tools Used
Manual
Recommended Mitigation Steps
Apply zero amount checks
Assessed type
Other
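As an added example (not the project's code and not part of this submission or the judge's comment), the Python model below mirrors the accumulator arithmetic that notifyRewardAmount() performs so the two scenarios discussed on this page can be exercised offline: the zero-amount notification after rewardEndTime that the submission describes, beside the zero check the submission recommends, and the tiny-reward stretching that the README lists as a known issue. The constants (a 30-day REWARD_DURATION, a SCALE_FACTOR of 1e36), the stake and reward sizes, the timings and the Python names are assumptions for illustration; per-staker bookkeeping and the reward-token balance check are left out.

```python
SCALE_FACTOR = 10**36              # fixed-point scale applied to the reward rate (assumed)
REWARD_DURATION = 30 * 24 * 3600   # 30-day distribution window in seconds (assumed)
DAY = 24 * 3600

STAKED = 1_000 * 10**18            # constructed: total stake, in token wei
REWARD = 3_000 * 10**18            # constructed: one honest reward notification


class InvalidRewardRate(Exception):
    """Raised by the guarded model when a notification would set a zero rate."""


class RewardPool:
    """Global state of a Synthetix-style reward accumulator; per-staker state omitted."""

    def __init__(self, total_staked, guard_zero_rate):
        self.total_staked = total_staked
        self.guard_zero_rate = guard_zero_rate    # the "zero amount check" of the mitigation
        self.scaled_reward_rate = 0
        self.reward_end_time = 0
        self.last_checkpoint_time = 0
        self.reward_per_token_accumulated_checkpoint = 0

    def last_time_reward_distributed(self, now):
        # Accrual stops at reward_end_time.
        return min(now, self.reward_end_time)

    def reward_per_token_accumulated(self, now):
        # Checkpoint plus reward-per-token accrued since the checkpoint.
        if self.total_staked == 0:
            return self.reward_per_token_accumulated_checkpoint
        elapsed = self.last_time_reward_distributed(now) - self.last_checkpoint_time
        return (self.reward_per_token_accumulated_checkpoint
                + self.scaled_reward_rate * elapsed // self.total_staked)

    def distributed(self, now):
        # Reward (token wei) accrued to all stakers by `now`.
        return self.reward_per_token_accumulated(now) * self.total_staked // SCALE_FACTOR

    def notify_reward_amount(self, amount, now):
        # Checkpoint under the old rate, then pick the new rate: a fresh window if the
        # previous one ended, otherwise leftover + new amount re-spread over a full
        # window. The guard runs before any write, the way a Solidity revert would.
        checkpoint = self.reward_per_token_accumulated(now)
        if now >= self.reward_end_time:
            new_rate = amount * SCALE_FACTOR // REWARD_DURATION
        else:
            remaining = self.scaled_reward_rate * (self.reward_end_time - now)
            new_rate = (remaining + amount * SCALE_FACTOR) // REWARD_DURATION
        if self.guard_zero_rate and new_rate // SCALE_FACTOR == 0:
            raise InvalidRewardRate(f"amount {amount} would set a zero reward rate")
        self.reward_per_token_accumulated_checkpoint = checkpoint
        self.scaled_reward_rate = new_rate
        self.reward_end_time = now + REWARD_DURATION
        self.last_checkpoint_time = now


def zero_amount_after_end(guarded):
    """Submission scenario: notifyRewardAmount(0) once the window has ended."""
    pool = RewardPool(STAKED, guard_zero_rate=guarded)
    pool.notify_reward_amount(REWARD, now=0)
    end, rate = pool.reward_end_time, pool.scaled_reward_rate
    before = pool.reward_per_token_accumulated(end + DAY)
    try:
        pool.notify_reward_amount(0, now=end + DAY)
        rejected = False
    except InvalidRewardRate:
        rejected = True
    return {
        "rejected": rejected,
        "rate_zeroed": pool.scaled_reward_rate == 0,
        "rate_unchanged": pool.scaled_reward_rate == rate,
        "end_time_moved": pool.reward_end_time != end,
        "accumulator_frozen": pool.reward_per_token_accumulated(end + 5 * DAY) == before,
        "distributed": pool.distributed(end + 5 * DAY),
    }


def tiny_reward_stretching(grief_amount):
    """README known issue: tiny mid-window notifications re-spread the remaining
    reward over a fresh window each day, delaying the honest payout."""
    honest = RewardPool(STAKED, guard_zero_rate=True)
    honest.notify_reward_amount(REWARD, now=0)
    griefed = RewardPool(STAKED, guard_zero_rate=True)
    griefed.notify_reward_amount(REWARD, now=0)
    honest_end = honest.reward_end_time
    for day in range(1, 30):                    # constructed: one tiny notification per day
        griefed.notify_reward_amount(grief_amount, now=day * DAY)
    return {
        "honest_end": honest_end,
        "griefed_end": griefed.reward_end_time,
        "honest_paid_by_day_30": honest.distributed(honest_end),
        "griefed_paid_by_day_30": griefed.distributed(honest_end),
    }


if __name__ == "__main__":
    print("unguarded zero notify:", zero_amount_after_end(guarded=False))
    print("guarded zero notify:  ", zero_amount_after_end(guarded=True))
    print("1-wei daily grief:    ", tiny_reward_stretching(1))
```

Running the model shows the distinction a reviewer would want: the zero check blocks the zero-amount notification (in the unguarded pool it zeroes the rate and pushes rewardEndTime out by a full window), but it does nothing against the stretching from the README, because a mid-window notification of even 1 wei re-spreads a large leftover and so keeps the rate far above zero; by the honest end time roughly a third of the reward is still undistributed. The README's requirement that notifiers supply reasonable rewards at reasonable intervals is the control for that case, which is why the judge treated it as out of scope.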