search

sherlock-audit / 2023-07-perennial-judging

2 stars 1 forks source link

WATCHPUG - Past rewards should be settled before changing makerRewardRate / longRewardRate / shortRewardRate #158

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

WATCHPUG

medium

Past rewards should be settled before changing makerRewardRate / longRewardRate / shortRewardRate

Summary

Vulnerability Detail

The reward parameters (makerRewardRate / longRewardRate / shortRewardRate) can be changed by the owner with the updateParameter() function.

The change will be effective immediately, for example, the owner can change all the 3 RewardRates (makerRewardRate / longRewardRate / shortRewardRate) to 0.

For the users with unsettled pending rewards, they will lose them all.

Impact

Code Snippet

https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial/contracts/Market.sol#L104-L109

https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial/contracts/types/MarketParameter.sol#L125-L140

Tool used

Manual Review

Recommendation

Consider running a settlement of past rewards before updating the RewardRates.

sherlock-admin commented 1 year ago

1 comment(s) were left on this issue during the judging contest.

141345 commented:

l