Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rewards accrued during totalStaked=0 is lost / unrecoverable #20

Closed
c4-bot-3 opened this issue Feb 27, 2024 · 3 comments
Closed

Rewards accrued during totalStaked=0 is lost / unrecoverable #20

c4-bot-3 opened this issue Feb 27, 2024 · 3 comments
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-369 🤖_06_group AI based duplicate group recommendation unsatisfactory does not satisfy C4 submission criteria; not eligible for awards

Comments

@c4-bot-3
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2024-02-uniswap-foundation/blob/5298812a129f942555466ebaa6ea9a2af4be0ccc/src/UniStaker.sol#L230

Vulnerability details

Impact

When the totalStaked value is 0, or there are no stakers in the pool, any rewards accrued will be lost. This is demonstrated in this simple scenario:

  1. Say there are currently no stakers. A user has called notifyRewardAmount with 30 WETH.
  2. scaledRewardRate is set to 30 WETH / 30 days = 1 WETH/day
  3. After 15 days, a user stakes to the pool. lastCheckpointTime is updated to block.timestamp.
  4. After the full 30 days, the user can claim 1 WETH/day * (15 days) = 15 WETH reward. The remaining 15 WETH is stuck in the contract and cannot be recovered.

This will lead to unrecoverable WETH in the contract.

Proof of Concept

Any rewards accrued during a period of no stakers cannot be recovered.

Tools Used

Manual Review

Recommended Mitigation Steps

Add a recoverWETH admin controlled function which will allow recovering any WETH in the pool provided that the contract still remains solvent.

Assessed type

Token-Transfer
@c4-bot-3 c4-bot-3 added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Feb 27, 2024
c4-bot-4 added a commit that referenced this issue Feb 27, 2024
@c4-bot-4
carrotsmuggler issue #20
9e50d0f
@c4-bot-12 c4-bot-12 added the 🤖_06_group AI based duplicate group recommendation label Mar 5, 2024
@c4-judge c4-judge closed this as completed Mar 7, 2024
@c4-judge
Copy link
Contributor

c4-judge commented Mar 7, 2024

MarioPoneder marked the issue as duplicate of #9

@c4-judge
Copy link
Contributor

c4-judge commented Mar 7, 2024

MarioPoneder marked the issue as duplicate of #369

@c4-judge
Copy link
Contributor

MarioPoneder marked the issue as unsatisfactory:
Invalid

@c4-judge c4-judge added the unsatisfactory does not satisfy C4 submission criteria; not eligible for awards label Mar 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working duplicate-369 🤖_06_group AI based duplicate group recommendation unsatisfactory does not satisfy C4 submission criteria; not eligible for awards
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@c4-judge @c4-bot-3 @c4-bot-12