StakingRewardsV2.sol contract may not work properly on Optimism due to use of block.number
Summary
Summary
The StakingRewardsV2.sol contract uses block.number within its Checkpoint struct, which can cause issues on the Optimism Layer 2 solution due to the differences in block number handling between Ethereum Layer 1 and Optimism.
The Checkpoint struct includes the blk property which stores block.number:
The use of block.number in the Checkpoint struct and related logic can cause inconsistencies on Optimism, where block.number does not increment in the same way as on Ethereum mainnet. This discrepancy can lead to inaccurate checkpoint data, affecting the contract’s functionality related to staking and reward calculations.
Impact
The impact of this vulnerability includes:
Inaccurate checkpoint records, leading to potential discrepancies in user balances and rewards.
Unreliable reward calculations and distributions, causing potential financial loss or unfair reward allocations to users.
I think this should be valid medium severity bug because the protocol devs said this in the previous report:"We decided to keep the block.number in the Checkpoint struct in case we need it in the future. We have however used packing to reduce the gas impact of this."
Bozho
Medium
StakingRewardsV2.sol
contract may not work properly on Optimism due to use ofblock.number
Summary
Summary
The
StakingRewardsV2.sol
contract usesblock.number
within itsCheckpoint
struct, which can cause issues on the Optimism Layer 2 solution due to the differences in block number handling between Ethereum Layer 1 and Optimism.Checkpoint
struct includes theblk
property which storesblock.number
:block.number
is used when adding a new checkpoint:Vulnerability Detail
The use of
block.number
in theCheckpoint
struct and related logic can cause inconsistencies on Optimism, whereblock.number
does not increment in the same way as on Ethereum mainnet. This discrepancy can lead to inaccurate checkpoint data, affecting the contract’s functionality related to staking and reward calculations.Impact
The impact of this vulnerability includes:
I think this should be valid medium severity bug because the protocol devs said this in the previous report: "We decided to keep the block.number in the Checkpoint struct in case we need it in the future. We have however used packing to reduce the gas impact of this."
Code Snippet
Recommendation
Just remove the use of
block.number
because the code already store theblock.timestamp
in the checkpoints mapping.Root Cause
No response
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
No response
PoC
No response
Mitigation
No response