no _payoutRewards() in withdraw function

[c4-bot-10]

Lines of code

https://github.com/code-423n4/2024-07-reserve/blob/main/contracts/p1/StRSR.sol#L304

Vulnerability details

Impact

Detailed description of the impact of this finding. No _payoutRewards() in withdraw.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

function withdraw(address account, uint256 endId) external { _requireNotTradingPausedOrFrozen();

    uint256 firstId = firstRemainingDraft[draftEra][account];
    CumulativeDraft[] storage queue = draftQueues[draftEra][account];
    if (endId == 0 || firstId >= endId) return;

    // == Checks + Effects ==
    require(endId <= queue.length, "index out-of-bounds");
    require(queue[endId - 1].availableAt <= block.timestamp, "withdrawal unavailable");

    // untestable:
    //      firstId will never be zero, due to previous checks against endId
    uint192 oldDrafts = firstId != 0 ? queue[firstId - 1].drafts : 0;
    uint192 draftAmount = queue[endId - 1].drafts - oldDrafts;

    // advance queue past withdrawal
    firstRemainingDraft[draftEra][account] = endId;

    // ==== Compute RSR amount
    uint256 newTotalDrafts = totalDrafts - draftAmount;
    // newDraftRSR: {qRSR} = {qDrafts} * D18 / D18{qDrafts/qRSR}
    uint256 newDraftRSR = (newTotalDrafts * FIX_ONE_256 + (draftRate - 1)) / draftRate;
    uint256 rsrAmount = draftRSR - newDraftRSR;

    if (rsrAmount == 0) return;

    // ==== Transfer RSR from the draft pool
    totalDrafts = newTotalDrafts;
    draftRSR = newDraftRSR;

    // == Interactions ==
    leakyRefresh(rsrAmount);
    IERC20Upgradeable(address(rsr)).safeTransfer(account, rsrAmount);
    emit UnstakingCompleted(firstId, endId, draftEra, account, rsrAmount);

    // == Checks ==
    require(basketHandler.isReady() && basketHandler.fullyCollateralized(), "RToken readying");
}

Tools Used

Recommended Mitigation Steps

add _payoutRewards in withdraw.

Assessed type

Context