search

sherlock-audit / 2024-03-vvv-vesting-staking-judging

2 stars 1 forks source link

kaancaglan - Inaccurate Exchange Rate in `calculateAccruedVvvAmount` Function #3

Closed sherlock-admin4 closed 7 months ago

sherlock-admin4 commented 7 months ago

kaancaglan

medium

Inaccurate Exchange Rate in calculateAccruedVvvAmount Function

Summary

The Ethereum staking contract incorporates a function, calculateAccruedVvvAmount, designed to compute the total amount of $VVV tokens accrued for a given stake based on the amount of ETH staked, the staking duration, and an exchange rate between ETH and $VVV. A critical issue with this functionality is identified in the use of a constant, static exchange rate of 1:1 (ETH:VVV) defined in the ethToVvvExchangeRate function, which does not reflect market realities and could lead to significant discrepancies in rewards calculations.

Vulnerability Detail

The ethToVvvExchangeRate function returns a hardcoded value of 1, suggesting a 1:1 exchange rate between ETH and $VVV. This approach fails to account for the volatile nature of cryptocurrency values, where the exchange rate between two currencies can fluctuate widely within short periods. Relying on a static exchange rate for calculating staking rewards can result in inaccurate accrual of $VVV tokens, potentially disadvantaging users or the platform depending on market movements.

Impact

The primary impact of this issue is twofold:

Code Snippet

///@notice Returns the exchange rate of ETH to $VVV for staking reward accrual
function ethToVvvExchangeRate() public pure returns (uint256) {
    return 1;
}

Link

Tool used

Manual Review

Recommendation

To address this issue and align the staking rewards calculation with real-world dynamics, the following recommendation is proposed:

sherlock-admin3 commented 7 months ago

1 comment(s) were left on this issue during the judging contest.

itsabinashb commented:

Invalid because the exchange rate is correct.