Closed sherlock-admin2 closed 1 month ago
Front-running a reward distribution to earn high rewards is not considered a bug but a legitimate action. Also note that the relevant code for this issue appears in the original Synthetix staking rewards contract and this is out of scope.
JuggerNaut63
High
Front-Running Exploit in Reward Rate Update Mechanism
Summary
The StakingRewards contract is vulnerable to a front-running exploit where an attacker can monitor pending transactions that update the reward rate and quickly stake tokens before the transaction is mined. This allows the attacker to earn disproportionately high rewards, undermining the fairness and economic balance of the staking system.
Vulnerability Detail
… notifyRewardAmount transactions.
… notifyRewardAmount transaction, allowing them to stake tokens at the old reward rate.
… notifyRewardAmount transaction is mined, the reward rate is updated, and the attacker earns higher rewards than intended.
Impact
Code Snippet
https://github.com/sherlock-audit/2024-06-makerdao-endgame/blob/main/endgame-toolkit/src/synthetix/StakingRewards.sol#L144-L163
Tool used
Manual Review
Recommendation
PoC
forge test --match-path test/StakingRewardsExploitTest.sol
[⠒] Compiling...
No files changed, compilation skipped
Ran 1 test for test/StakingRewardsExploitTest.sol:StakingRewardsExploitTest
[PASS] testExploit() (gas: 267189)
Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 1.56ms (370.80µs CPU time)
Ran 1 test suite in 6.63ms (1.56ms CPU time): 1 tests passed, 0 failed, 0 skipped (1 total tests)
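To make the reward-rate claim checkable without the test file, here is an added example that is not code from the report, MakerDAO or Synthetix: a Python model of the Synthetix StakingRewards accounting (rewardPerToken, earned, notifyRewardAmount) with the contract's integer arithmetic, run on a constructed scenario where one staker enters one second before the rate update and another one second after it. The stake sizes, rewards duration and reward amount are assumptions.

```python
# Added example: model of the Synthetix StakingRewards reward accounting (not project code).
ONE = 10**18  # fixed-point scale used by rewardPerToken() in the contract


class StakingRewardsModel:
    """Integer-arithmetic model of rewardPerToken / earned / notifyRewardAmount."""

    def __init__(self, rewards_duration):
        self.rewards_duration = rewards_duration
        self.reward_rate = 0            # reward tokens per second
        self.period_finish = 0          # end of the current reward period
        self.last_update = 0            # lastUpdateTime
        self.reward_per_token_stored = 0
        self.total_supply = 0
        self.balances, self.paid, self.rewards = {}, {}, {}   # paid = userRewardPerTokenPaid

    def _applicable(self, now):          # lastTimeRewardApplicable()
        return min(now, self.period_finish)

    def reward_per_token(self, now):
        if self.total_supply == 0:
            return self.reward_per_token_stored
        dt = self._applicable(now) - self.last_update
        return self.reward_per_token_stored + dt * self.reward_rate * ONE // self.total_supply

    def earned(self, who, now):
        delta = self.reward_per_token(now) - self.paid.get(who, 0)
        return self.balances.get(who, 0) * delta // ONE + self.rewards.get(who, 0)

    def _update_reward(self, who, now):  # the updateReward(account) modifier
        self.reward_per_token_stored = self.reward_per_token(now)
        self.last_update = self._applicable(now)
        if who is not None:
            self.rewards[who] = self.earned(who, now)
            self.paid[who] = self.reward_per_token_stored

    def stake(self, who, amount, now):
        self._update_reward(who, now)
        self.total_supply += amount
        self.balances[who] = self.balances.get(who, 0) + amount

    def notify_reward_amount(self, reward, now):
        self._update_reward(None, now)
        if now >= self.period_finish:
            self.reward_rate = reward // self.rewards_duration
        else:  # roll the unpaid remainder of the old period into the new rate
            leftover = (self.period_finish - now) * self.reward_rate
            self.reward_rate = (reward + leftover) // self.rewards_duration
        self.last_update, self.period_finish = now, now + self.rewards_duration


def front_run_scenario():
    """Constructed scenario (assumed numbers): alice stakes early, bob one second before the
    rate update, charlie one second after; returns rewards earned by the end of the period."""
    m = StakingRewardsModel(rewards_duration=1000)
    m.stake("alice", 100, now=0)
    m.stake("bob", 100, now=99)
    m.notify_reward_amount(1_000_000, now=100)   # rate becomes 1000 tokens/second
    m.stake("charlie", 100, now=101)
    return {w: m.earned(w, now=1100) for w in ("alice", "bob", "charlie")}
```

With equal stakes, the only difference between bob and charlie is the single second of rewards accrued between the update and charlie's stake; every later second is split pro rata, so the model quantifies exactly how much entering first is worth.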