H-04 MitigationConfirmed

[c4-bot-7]

Lines of code

Vulnerability details

Comments

virtualRewardsToAdd could exceed the max value of uint128 by manipulating totalRewards[poolID] together with existingTotalShares. This might break the whole protocol:

• deposit a small amount of token (no less than PoolUtils#DUST) to make existingTotalShares small enough by calling Liquidity#depositLiquidityAndIncreaseShare()
• donate some SALT reward to increase totalRewards[poolID] by calling StakingRewards#addSALTRewards()

  Mitigation

  commit 5f79dc4 The mitigation declare UserShareInfo#userShare and UserShareInfo#virtualRewards as uint256 variable. There is no need to cast virtualRewardsToAdd from uint256 to uint128. The mitigation resolved the original issue.

Conclusion

Confirmed

[c4-judge]

Picodes marked the issue as satisfactory