Closed sherlock-admin closed 9 months ago
Hello,
Thanks a lot for your attention.
After an in-depth review, we have to consider your issue as Invalid. This scenario will never occur.
Regards, Convergence Team
Hi @0xR3vert @shalbe-cvg @walk-on-me,
Could you elaborate more on why do you think this scenario will never occur?
@nevillehuang Because the bribes rewards will never be distributed in SDT by the MultiMerkleStash
of StakeDao.
Their documentation is outdated
detectiveking
high
Protocol doesn't account for the fact that bribe rewards can be provided in SDT instead of sdTKN
Summary
Right now, it seems that the protocol assumes that all bribe rewards will be provided in sdTKN when in fact there are cases where bribe rewards will be provided in SDT instead. This breaks large parts of the protocol.
Vulnerability Detail
From the Stake DAO docs (https://stakedao.gitbook.io/stakedaohq/platform/liquid-lockers/vote-incentives):
Vote incentives are distributed in SDT unless the peg protection mode is activated (sdTKN/TKN peg below 0.99) in which case vote incentives are distributed in sdTKN.
Clearly it is not an option to set the bribe assets to only be sdTKN, as we will lose out on SDT rewards when peg protection mode is not activated.
However, including
SDT
among the bribe assets breaks how theSdtBlackHole
works. TheSdtBlackHole
allows a staking service to set which bribe assets should be sent to it's buffer pair whenpullSdStakingBribes
inSdtBlackHole
is called (of course the origin of this would beprocessSdtRewards
inSdtStakingPositionService
, when we try to gather gauge and bribe rewards). Of course, in the current model, these bribe assets must be disjoint; if multiple staking services have the same bribe asset, then the black hole cannot determine which staking service the bribe asset should be sent to (and consequently it will just be sent to the first one that callsprocessSdtRewards
/pullSdStakingBribes
). This is becausepullSdStakingBribes
looks like this:Notice the
uint256 balance = bribeToken.balanceOf(address(this));
Let's say that we end up setting SDT as a possible bribe asset on all staking services with
setBribeTokens
. Here's an attack that exploits this:processSdtRewards
from the staking service where he has majority staking share. He will end up taking the bribe reward SDT of the other staking service.Impact
Protocol just doesn't distribute bribe rewards correctly between staking services, leading to loss of bribe rewards for many users. Attacker can also potentially steal SDT rewards.
Code Snippet
https://github.com/sherlock-audit/2023-11-convergence/blob/main/sherlock-cvg/contracts/Rewards/StakeDAO/SdtBlackHole.sol#L96-L134
Tool used
Manual Review
Recommendation
You can have a special case for SDT, where after fetching from the
MultiMerkleStash
, you can tell theSdtBlackHole
how muchSDT
it should distribute to a specific staking service.