search

code-423n4 / 2024-03-saltyio-mitigation-findings

0 stars 0 forks source link

M-01 MitigationConfirmed #67

Closed c4-bot-10 closed 8 months ago

c4-bot-10 commented 8 months ago

Lines of code

Vulnerability details

Comments

In the original implementation, the calculation of virtualRewardsToRemove in StakingRewards#_decreaseUserShare() rounded down in favor of the user, which could result in the last liquidity provider not removing their liquidity due to a lack of SALT reward.

Mitigation

commit b3b8cb9 The calculation of virtualRewardsToRemove in StakingRewards#_decreaseUserShare() rounded up in favor of the protocol in the mitigation. The original issue was resolved.

Conclusion

Confirmed

c4-judge commented 8 months ago

Picodes marked the issue as nullified