sherlock-audit / 2024-07-sense-points-marketplace-judging


Clever Powder Ferret - Some reward tokens will be lost if the reward token is a rebasing token #194

Closed sherlock-admin2 closed 2 weeks ago

sherlock-admin2 commented 2 weeks ago

Clever Powder Ferret

Low/Info

Some reward tokens will be lost if the reward token is a rebasing token

Summary

In PointTokenVault, there is a function that allows users to redeem their reward tokens. The problem is that if the reward token is rebasing, its balance can change during the time the token is in the vault.

Vulnerability Detail

There are rebasing tokens that change their supply according to market conditions, and they can reflect a different value in different periods of time. So let's say the token is a rebasing one and is used inside of the protocol. It's sent to the contract from an external protocol and sits in the vault until it's eventually claimed by the user. Moreover, the amount that the user can claim is assigned beforehand:

https://github.com/sense-finance/point-tokenization-vault/blob/dev/contracts/PointTokenVault.sol#L183-189

    if (isMerkleBased) {
        // If it's merkle-based, only those callers with redemption rights can redeem their point token for rewards.

        bytes32 claimHash =
            keccak256(abi.encodePacked(REDEMPTION_RIGHTS_PREFIX, msg.sender, pointsId, _claim.totalClaimable));
        _verifyClaimAndUpdateClaimed(_claim, claimHash, msg.sender, claimedRedemptionRights);
    }

So if the rebasing token was sent into the vault and its balance has changed over time, there will be some leftover in the contract.

Impact

Some tokens will be left inside of the protocol unclaimed as the token balance has changed.

Code Snippet

Tool used

Manual Review.

Recommendation

Explicitly prohibit such tokens or create special functionality to handle them.
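
The leftover described in this report can be reproduced with a small ledger model. This is an added example, not code from the report or from PointTokenVault: `RebasingToken`, `redeem_fixed`, `redeem_pro_rata`, the user names and the amounts are all constructed, and the pro-rata payout is only one assumed form the "special functionality" could take.

```python
from fractions import Fraction


class RebasingToken:
    """Simplified rebasing token: holders own shares, balances scale with a global index."""

    def __init__(self):
        self.index = Fraction(1)
        self.shares = {}

    def balance_of(self, who):
        return int(self.shares.get(who, 0) * self.index)

    def mint(self, who, amount):
        self.shares[who] = self.shares.get(who, 0) + Fraction(amount) / self.index

    def transfer(self, src, dst, amount):
        delta = Fraction(amount) / self.index
        if self.shares.get(src, 0) < delta:
            raise ValueError("insufficient balance")
        self.shares[src] -= delta
        self.shares[dst] = self.shares.get(dst, 0) + delta

    def rebase(self, factor):
        self.index *= Fraction(factor)


def redeem_fixed(token, claims):
    """Pay each user the amount that was assigned beforehand (the report's scenario)."""
    for user, amount in claims.items():
        token.transfer("vault", user, amount)
    return token.balance_of("vault")  # whatever is stranded in the vault


def redeem_pro_rata(token, claims):
    """Assumed alternative: pay each user their fraction of the vault's live balance."""
    total = sum(claims.values())
    pot = token.balance_of("vault")
    for user, amount in claims.items():
        token.transfer("vault", user, pot * amount // total)
    return token.balance_of("vault")


def scenario(redeem, factor=Fraction(11, 10)):
    token = RebasingToken()
    token.mint("vault", 1000)            # rewards arrive from the external protocol
    claims = {"alice": 600, "bob": 400}  # constructed amounts, fixed before the rebase
    token.rebase(factor)                 # supply changes while the tokens sit in the vault
    return redeem(token, claims)


if __name__ == "__main__":
    print("leftover with fixed amounts:", scenario(redeem_fixed))
    print("leftover with pro-rata payout:", scenario(redeem_pro_rata))
```
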