code-423n4 / 2024-03-saltyio-mitigation-findings

M-01 MitigationConfirmed #47

Closed c4-bot-3 closed 6 months ago

c4-bot-3 commented 7 months ago

Lines of code

Vulnerability details

C4 Issue

https://github.com/code-423n4/2024-01-salty-findings/issues/1021

Comments

The issue highlighted a unique edge case pertaining to the fact that upon a user claiming their rewards, the virtualRewards amount can round down to zero upon careful selection of share amount as a parameter, as can be seen in the formula below:

uint256 virtualRewardsToRemove = (user.virtualRewards * decreaseShareAmount) / user.userShare; 

Passing certain share amounts can force the calculation above to round down to zero, which then means the user can claim more rewards than they should:

claimableRewards = rewardsForAmount - virtualRewardsToRemove;

Mitigation

https://github.com/othernet-global/salty-io/commit/b3b8cb955db2b9f0e47a4964e1e4f833a447a72d

As is evident in the mitigation, the final mitigation for this was to simply round up the virtual rewards as follows:

uint256 virtualRewardsToRemove = Math.ceilDiv(user.virtualRewards * decreaseShareAmount, user.userShare );

Conclusion

LGTM
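
A small regression check for the rounding change described in the comment above, added here as an example (it is not code from the Salty.IO repository or from the reviewer). It models the two quoted formulas with Python integers; `ceil_div`, the helper names, the sample state (7 virtual rewards against 100 shares) and `rewards_for_amount = 1` are assumptions constructed for the illustration.

```python
# Added model, not Salty's code. Python ints stand in for uint256.

def ceil_div(a: int, b: int) -> int:
    """Rounded-up division of non-negative ints (assumed meaning of Math.ceilDiv)."""
    return 0 if a == 0 else (a - 1) // b + 1

def virtual_rewards_to_remove(virtual_rewards, decrease_share_amount, user_share, round_up):
    numerator = virtual_rewards * decrease_share_amount
    if round_up:
        return ceil_div(numerator, user_share)  # formula after the mitigation
    return numerator // user_share              # formula before: truncates toward zero

def claimable_rewards(rewards_for_amount, virtual_rewards, decrease_share_amount,
                      user_share, round_up):
    removed = virtual_rewards_to_remove(
        virtual_rewards, decrease_share_amount, user_share, round_up)
    # Clamping at zero is a choice of this model; the page does not show that case.
    return max(rewards_for_amount - removed, 0)

def zero_deduction_amounts(virtual_rewards, user_share, round_up):
    """Share amounts in 1..user_share for which no virtual rewards are deducted."""
    return [d for d in range(1, user_share + 1)
            if virtual_rewards_to_remove(virtual_rewards, d, user_share, round_up) == 0]

def never_under_deducts(virtual_rewards, user_share, round_up):
    """True if the deduction is at least the exact pro-rata value for every amount."""
    return all(
        virtual_rewards_to_remove(virtual_rewards, d, user_share, round_up) * user_share
        >= virtual_rewards * d
        for d in range(1, user_share + 1))

if __name__ == "__main__":
    # Constructed user state: 7 virtual rewards against 100 shares.
    vr, share = 7, 100
    for label, round_up in (("floor (before)", False), ("ceilDiv (after)", True)):
        zeros = zero_deduction_amounts(vr, share, round_up)
        print(f"{label}: amounts with zero deduction = {zeros}")
        print(f"{label}: never under-deducts = {never_under_deducts(vr, share, round_up)}")
        # rewards_for_amount = 1 is a constructed input, not derived from pool state.
        print(f"{label}: claimable for 14 shares = "
              f"{claimable_rewards(1, vr, 14, share, round_up)}")
```

With truncation, every share amount from 1 to 14 deducts nothing in this sample state; with the rounded-up division no non-zero amount does, and the deduction is never below the exact pro-rata value.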

c4-judge commented 6 months ago

Picodes marked the issue as nullified