ERC20 transfers for stakeToken's is not updating the rewards process
Summary
Since the stakeToken's are ERC20 the transfers of these tokens should also change the rewards since the ownership of the tokens will change after the transfer
Vulnerability Detail
As we can see, when an account mints new stake tokens, the fee rewards are updated:
This is crucial to ensure fair accrual of rewards for the users.
However, there is another case where the account's fee rewards will change: when they simply transfer their tokens. All stake tokens are ERC20 tokens, and they have transfer functions that users can use.
mstpr-brainbot
High
ERC20 transfers for stakeToken's is not updating the rewards process
Summary
Since the stakeToken's are ERC20 the transfers of these tokens should also change the rewards since the ownership of the tokens will change after the transfer
Vulnerability Detail
As we can see, when an account mints new stake tokens, the fee rewards are updated:
This is crucial to ensure fair accrual of rewards for the users.
However, there is another case where the account's fee rewards will change: when they simply transfer their tokens. All stake tokens are ERC20 tokens, and they have transfer functions that users can use.
Impact
Unfair accrual of rewards, high.
Code Snippet
https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/8a1a01804a7de7f73a04d794bf6b8104528681ad/elfi-perp-contracts/contracts/process/MintProcess.sol#L68-L91
https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/8a1a01804a7de7f73a04d794bf6b8104528681ad/elfi-perp-contracts/contracts/vault/StakeToken.sol#L7-L25
Tool used
Manual Review
Recommendation
Override the transfer hook in ERC20 and update the rewards whenever the tokens are transferred
Duplicate of #146