Open sherlock-admin4 opened 2 months ago
1 comment(s) were left on this issue during the judging contest.
panprog commented:
high, dup of #477, loss of additional reward from convex. Since it accumulates over 30-days period, the loss will be significant. Both
balanceOf
andsafeTransfer
are incorrect - they should be called onrewardToken().token()
. Different dups of this mention eitherbalanceOf
orsafeTransfer
, but not both, but I consider them to be the same root cause, so all are dups.
The protocol team fixed this issue in the following PRs/commits: https://github.com/Zivoe/zivoe-core-foundry/pull/273
The Lead Senior Watson signed off on the fix.
BoRonGod
high
cannot forward extra rewards from both OCY_Convex to OCT_YDL.
Summary
Convex specifies
rewardContract
to be aVirtualBalanceRewardPool
, but all three OCY_Convex uses it as a ERC20 token, which make it impossible to claim extra rewards and forward them to the OCT_YDL.Vulnerability Detail
According to Convex doc:
But, in current implementation: (take OCY_Convex_A for example)
Tokens cannot be sent to YDL.
Impact
Current OCY_Convex_A, OCY_Convex_B and OCY_Convex_C cannot forward extraRewards to YDL.
Code Snippet
https://github.com/sherlock-audit/2024-03-zivoe/blob/main/zivoe-core-foundry/src/lockers/OCY/OCY_Convex_A.sol#L263 https://docs.convexfinance.com/convexfinanceintegration/baserewardpool#extra-rewards
Tool used
Manual Review
Recommendation
Use the real token address for token transfer.