The first thing we can see is that `update_period` is not in a loop: if the function isn't called for a week, no tokens are minted for that week at all, the week is simply skipped, and the emission for that week is lost. The problem with the second week comes from the Voter contract.
```solidity
function notifyRewardAmount(uint256 amount) external {
    require(msg.sender == minter, "!minter");
    IERC20Upgradeable(base).safeTransferFrom(msg.sender, address(this), amount);
    uint256 _totalWeight = totalWeightAt(_epochTimestamp() - 1 weeks); // minter calls notify after it updates active_period, so this loads the votes of the previous week // problematic line
    uint256 _ratio = 0;
    if (_totalWeight > 0) _ratio = (amount * 1e18) / _totalWeight; // 1e18 adjustment is removed during claim
    if (_ratio > 0) {
        index += _ratio; // a zero weight leaves index untouched: the transferred tokens become unclaimable
    }
    emit NotifyReward(msg.sender, base, amount);
}
```
When notifying the reward, the contract reads the weight at `active_period - 1 weeks`. Since we skipped a period, this is the weight of the week in which there were no updates, which has a `totalWeight` of 0. Because `totalWeight` is 0, `index` is never increased, so the rewards for that week are not distributed and are lost.
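The following is an added simulation of the accounting described above; it is not code from the report or from the project. It models, as assumptions, a minter with a constant weekly emission whose `update_period` jumps straight to the current period (the behaviour the report describes), and a voter that checkpoints vote weight per epoch and returns 0 for an epoch with no checkpoint. The `catch_up` and `carry_forward` switches are hypothetical mitigations (loop over every missed period; hold an unallocatable reward for the next epoch with weight) and are not taken from the project.

```python
"""Epoch-accounting model of the reported bug (constructed example, not project code).

Minter.update_period: one period per call (original) or every missed period (catch_up).
Voter.notify_reward_amount: prices the week's emission against the weight checkpointed
for the previous epoch, exactly as the Solidity line totalWeightAt(_epochTimestamp() - 1 weeks).
"""

WEEK = 7 * 24 * 3600
SCALE = 10**18


class Voter:
    """Assumed model: vote weight is checkpointed per epoch start; an epoch in which
    nobody voted or poked has no checkpoint, so total_weight_at() returns 0 for it."""

    def __init__(self, carry_forward=False):
        self.weight_at = {}         # epoch_start -> total vote weight checkpointed there
        self.index = 0              # cumulative reward per unit of weight, scaled by 1e18
        self.distributed = 0        # reward that became claimable through index
        self.stranded = 0           # reward transferred in but never reflected in index
        self.pending = 0            # hypothetical mitigation: unallocated reward carried forward
        self.carry_forward = carry_forward
        self.now = 0                # simulated block.timestamp

    def _epoch_timestamp(self):
        return self.now // WEEK * WEEK

    def vote(self, weight):
        epoch = self._epoch_timestamp()
        self.weight_at[epoch] = self.weight_at.get(epoch, 0) + weight

    def total_weight_at(self, t):
        return self.weight_at.get(t, 0)

    def notify_reward_amount(self, amount):
        # Same lookup as the report's "problematic line": weight of the *previous* epoch.
        total = self.total_weight_at(self._epoch_timestamp() - WEEK)
        amount += self.pending
        self.pending = 0
        if total > 0:
            self.index += amount * SCALE // total
            self.distributed += amount
        elif self.carry_forward:
            self.pending = amount   # hypothetical fix: keep it for the next epoch that has weight
        else:
            self.stranded += amount  # original behaviour: index unchanged, tokens unreachable


class Minter:
    """Assumed model: constant weekly emission, minted when a new period is activated."""

    def __init__(self, voter, weekly, catch_up=False):
        self.voter = voter
        self.weekly = weekly
        self.catch_up = catch_up
        self.active_period = 0
        self.minted = 0
        self.now = 0

    def set_time(self, t):
        self.now = t
        self.voter.now = t

    def _emit_period(self, period):
        self.active_period = period
        self.minted += self.weekly
        self.voter.now = period          # notify runs in the context of the period being activated
        self.voter.notify_reward_amount(self.weekly)
        self.voter.now = self.now

    def update_period(self):
        if self.now < self.active_period + WEEK:
            return
        if self.catch_up:
            # hypothetical fix: activate every missed period in order, never skipping one
            while self.active_period + WEEK <= self.now:
                self._emit_period(self.active_period + WEEK)
        else:
            # original: jump straight to the current period, so missed weeks are never minted
            self._emit_period(self.now // WEEK * WEEK)


def run_scenario(catch_up=False, carry_forward=False):
    """Constructed timeline: on-time update at epoch 2, nobody touches the system during
    epoch 3, late update at epoch 4, normal operation again at epoch 5."""
    voter = Voter(carry_forward)
    minter = Minter(voter, weekly=1000, catch_up=catch_up)
    minter.active_period = WEEK                   # initialised during epoch 1
    minter.set_time(WEEK + 100); voter.vote(100)  # votes cast in epoch 1
    minter.set_time(2 * WEEK); minter.update_period()   # epoch 2: called on time
    voter.vote(100)                               # votes cast in epoch 2
    # epoch 3: no update_period call and no votes -> no checkpoint at 3 * WEEK
    minter.set_time(4 * WEEK); minter.update_period()   # epoch 4: the late call
    voter.vote(100)                               # votes cast in epoch 4
    minter.set_time(5 * WEEK); minter.update_period()   # epoch 5: back to normal
    return {"minted": minter.minted, "distributed": voter.distributed,
            "stranded": voter.stranded, "pending": voter.pending}
```

Four periods (epochs 2 to 5) should emit 4000 in total. With the original behaviour only 3000 is minted (epoch 3 is skipped) and the 1000 minted at epoch 4 is priced against the empty epoch-3 checkpoint and stranded, so two weeks of rewards are gone. With both hypothetical mitigations enabled every period is minted and the full 4000 reaches `index`.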
Github username: @deadrosesxyz
Twitter username: @deadrosesxyz
Submission hash (on-chain): 0xa064fe8d4eacbc9c23301e44ef16a16ec72b84acd6ae7cc0a7cdfaaf344dc981
Severity: medium
Description: Not calling `update_period` for a week will fully lose the rewards for 2 weeks.

Attack Scenario: Let's look at `update_period`.