Users might be unable to receive reward if USDC is recovered from the contract
Summary
If USDC is withdrawn from StakingRewardsV2.sol and their are users with > 0 amount of USDCRewards then the getReward function will revert for those users until there is enough USDC in the contract to send as reward.
Vulnerability Detail
The recoverERC20 function in StakingRewardsV2.sol allows the owner to transfer out any ERC20 tokens that aren't kwenta.
USDC is used as a reward token and is sent to users when they call the getReward function if their rewardsUSDC (which tracks the amount of USDC owed to the account) is > 0. If the USDC balance of the contract is less than the rewards owed to the user then the getReward function reverts when it attempts to transfer USDC.
Impact
Users will be unable to receive their rewards until the contract has enough USDC.
Consider not allowing USDC to be recovered in the recoverERC20 function or only transfer USDC in the _getReward function if the balance of USDC in the contract is >= the users owed rewardsUSDC amount.
dipp
Medium
Users might be unable to receive reward if USDC is recovered from the contract
Summary
If USDC is withdrawn from
StakingRewardsV2.sol
and their are users with > 0 amount ofUSDCRewards
then thegetReward
function will revert for those users until there is enough USDC in the contract to send as reward.Vulnerability Detail
The
recoverERC20
function inStakingRewardsV2.sol
allows the owner to transfer out any ERC20 tokens that aren'tkwenta
.USDC
is used as a reward token and is sent to users when they call thegetReward
function if theirrewardsUSDC
(which tracks the amount of USDC owed to the account) is > 0. If the USDC balance of the contract is less than the rewards owed to the user then thegetReward
function reverts when it attempts to transfer USDC.Impact
Users will be unable to receive their rewards until the contract has enough USDC.
Code Snippet
StakingRewardsV2.sol#L710-L714
StakingRewardsV2.sol#L353-L384
Tool used
Manual Review
Recommendation
Consider not allowing USDC to be recovered in the
recoverERC20
function or only transfer USDC in the _getReward function if the balance of USDC in the contract is >= the users owedrewardsUSDC
amount.