Possible loss of unclaimed rewards for long-term frequent stakers
Summary
If a user deposits very frequently over a very long period of time without claiming rewards, the user may not be able to claim the rewards due to gas exhaustion
Vulnerability Detail
The claimCvgSdtRewards and claimCvgRewards functions claims rewards by iterating from the first unclaimed cycle of an user till the present cycle. If an entity make very frequent deposits and doesn't claim the rewards for a long period of time then the user may not be able to claim the rewards since it will cost more than the block gas limit to claim. This limitation although not applicable to any normal user there might be some contract developed to interact with it which might make false assumption regarding the rewards claiming since this issue is not specified anywhere.
As of now it will take around depositing every block for 7 years to reach the block gas limit of Ethereum.
Impact
Possible loss of unclaimed rewards in extremely rare cases
hash
medium
Possible loss of unclaimed rewards for long-term frequent stakers
Summary
If a user deposits very frequently over a very long period of time without claiming rewards, the user may not be able to claim the rewards due to gas exhaustion
Vulnerability Detail
The
claimCvgSdtRewardsandclaimCvgRewardsfunctions claims rewards by iterating from the first unclaimed cycle of an user till the present cycle. If an entity make very frequent deposits and doesn't claim the rewards for a long period of time then the user may not be able to claim the rewards since it will cost more than the block gas limit to claim. This limitation although not applicable to any normal user there might be some contract developed to interact with it which might make false assumption regarding the rewards claiming since this issue is not specified anywhere. As of now it will take around depositing every block for 7 years to reach the block gas limit of Ethereum.Impact
Possible loss of unclaimed rewards in extremely rare cases
Code Snippet
claimCvgRewardshttps://github.com/sherlock-audit/2023-11-convergence/blob/main/sherlock-cvg/contracts/Staking/StakeDAO/SdtStakingPositionService.sol#L429_claimCvgSdtRewardshttps://github.com/sherlock-audit/2023-11-convergence/blob/main/sherlock-cvg/contracts/Staking/StakeDAO/SdtStakingPositionService.sol#L338Tool used
Manual Review
Recommendation
Mention in documentation or give an option to withdraw till an endCycle
Duplicate of #198