search

sherlock-audit / 2024-06-magicsea-judging

8 stars 5 forks source link

Praise03 - Incorrect Implementation Of Rewards Calculation #683

Closed sherlock-admin4 closed 4 months ago

sherlock-admin4 commented 4 months ago

Praise03

Medium

Incorrect Implementation Of Rewards Calculation

Impact

Every opened position after the first created position gets no rewards, as all shares is allocated to the first user.

Code Snippet

function testFirstUserGetsAllRewards() public {

        address ME = makeAddr("me");

        _stakingToken.mint(ALICE, 2 ether);
        _stakingToken.mint(BOB, 4 ether);
        _stakingToken.mint(ME, 4 ether);

        _rewardToken.mint(address(_pool), 100_000_000);        

        vm.startPrank(ALICE);
        _stakingToken.approve(address(_pool), 1 ether);
        _pool.createPosition(1 ether, 1 days);
        vm.stopPrank();

        vm.startPrank(BOB);
        _stakingToken.approve(address(_pool), 4 ether);
        _pool.createPosition(2 ether, 2 days);
        vm.stopPrank();

        vm.startPrank(ME);
        _stakingToken.approve(address(_pool), 4 ether);
        _pool.createPosition(3 ether, 3 days);
        vm.stopPrank();

        skip(0.5 days);

        console.log(_pool.pendingRewards(1)); //returns 99999999

        console.log(_pool.pendingRewards(2)); // returns 0

        console.log(_pool.pendingRewards(3)); // returns 0
    }

In the above POC, it is shown that when the pool is initialized with reward tokens, the first depositor gains all the reward tokens due to failure to accurately recalculate the Reward Per Shares on the addition of new positions.

Tool used

Manual Review

Recommendation

Recalculate the rewards for each user taking into account newly opened positions before harvesting or withdrawal.

Duplicate of #116