Rebasing tokens are tokens that change in value over time (go up or down). In the case it increases, it allows for the possibility of excess tokens in the pool. Excess tokens solely go to the fee recipient, rather than the holder.
Vulnerability Detail
In NapierPool.sol, when a new pool is created, the fee recipient is initialized on construction of the contract. The protocol does not explain who exactly the fee recipient is, but it is likely the owner of the pool.
Rebasing tokens can increase over time, which can cause excess tokens in the pool. The NapierPool.sol contract manages this by including a skim function, which sweeps the excess tokens to the fee recipient. However, in this case, the excess tokens belong to the user who deposited them.
Impact
Users who deposit rebasing tokens will not get back all rewards earned.
Ensure the fee recipient repays any associated taxes with extra rebase tokens or inform your users not to use such tokens if they don't want to lose them.
crypticdefense
medium
Rebasing tokens go to the fee recipient
Summary
Rebasing tokens are tokens that change in value over time (go up or down). In the case it increases, it allows for the possibility of excess tokens in the pool. Excess tokens solely go to the fee recipient, rather than the holder.
Vulnerability Detail
In
NapierPool.sol
, when a new pool is created, the fee recipient is initialized on construction of the contract. The protocol does not explain who exactly the fee recipient is, but it is likely the owner of the pool.Rebasing tokens can increase over time, which can cause excess tokens in the pool. The
NapierPool.sol
contract manages this by including askim
function, which sweeps the excess tokens to the fee recipient. However, in this case, the excess tokens belong to the user who deposited them.Impact
Users who deposit rebasing tokens will not get back all rewards earned.
Code Snippet
https://github.com/sherlock-audit/2024-01-napier/blob/main/v1-pool/src/NapierPool.sol#L82-L83
https://github.com/sherlock-audit/2024-01-napier/blob/main/v1-pool/src/NapierPool.sol#L107-L140
https://github.com/sherlock-audit/2024-01-napier/blob/main/v1-pool/src/NapierPool.sol#L519-L534
Tool used
Manual Review
Recommendation
Ensure the fee recipient repays any associated taxes with extra rebase tokens or inform your users not to use such tokens if they don't want to lose them.