in stdBlackHole.pullSdStakingBribes the buffer can take all the bribes for themselves
Vulnerability Detail
the buffer can keep all the bribes to themselves if they choose to by simply setting _processorRewardsPercentage to 0. this will make claimerRewards 0 also and deny the claimer any bribes
Invalid, buffer is not a role, but a contract used to receive and accumulate rewards from a gauge. This function is only called here, where processorRewardsPercentage is already preinitialized to 1.25% here
nevillehuang
commented
11 months ago
bulej93
high
Buffer could cheat claimer out of rewards
Summary
in stdBlackHole.pullSdStakingBribes the buffer can take all the bribes for themselves
Vulnerability Detail
the buffer can keep all the bribes to themselves if they choose to by simply setting
_processorRewardsPercentageto 0. this will makeclaimerRewards0 also and deny the claimer any bribesImpact
loss of bribes to the claimer
Code Snippet
https://github.com/sherlock-audit/2023-11-convergence/blob/main/sherlock-cvg/contracts/Rewards/StakeDAO/SdtBlackHole.sol#L117-L121
Tool used
Manual Review
Recommendation