Inconsistency in view functions can lead to users believing they’re due for more BKD rewards #150
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
sponsor confirmed: Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/AmmConvexGauge.sol#L107-L111
https://github.com/code-423n4/2022-05-backd/blob/2a5664d35cde5b036074edef3c1369b984d10010/protocol/contracts/tokenomics/AmmConvexGauge.sol#L129-L134
Vulnerability details
Impact
The view functions used for a user to check their claimable rewards vary in their implementation. This can cause users to believe they are due X amount but will receive Y.
Proof of Concept
If the inflationRecipient is set, then poolStakedIntegral will be incremented in claimableRewards() but not in any other function such as allClaimableRewards() or poolCheckpoint(). If a user calls claimableRewards() after the inflationRecipient has been set, claimableRewards() will return a larger value than allClaimableRewards() or the amount actually returned by claimRewards().
Tools Used
Manual review
Recommended Mitigation Steps
To make the logic consistent, claimableRewards() needs if (inflationRecipient == address(0)) added to it.
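The following is an added, simplified model of the pattern this report describes; it is not Backd's AmmConvexGauge code. The names poolStakedIntegral, inflationRecipient, claimableRewards(), poolCheckpoint() and claimRewards() are taken from the report, while the reward formula, the RATE constant, the stake()/setInflationRecipient() helpers and the claimableRewardsBuggy() function are assumptions made for illustration. It shows the view-versus-checkpoint divergence and the guard the report recommends.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical gauge: the accounting below is a constructed simplification, not the audited contract.
contract GaugeModel {
    uint256 public constant RATE = 1e18;             // assumed emission rate: reward tokens per second
    address public inflationRecipient;               // when set, emissions are redirected away from stakers
    uint256 public poolStakedIntegral;               // accumulated reward per staked token, scaled by 1e18
    uint256 public lastUpdated;
    uint256 public totalStaked;
    mapping(address => uint256) public staked;
    mapping(address => uint256) public userIntegral; // poolStakedIntegral at the user's last checkpoint
    mapping(address => uint256) public perUserShare; // rewards accrued to the user but not yet claimed

    constructor() { lastUpdated = block.timestamp; }

    function setInflationRecipient(address recipient) external {
        poolCheckpoint();                            // settle stakers up to now before redirecting emissions
        inflationRecipient = recipient;
    }

    // Canonical accounting: the staker integral only grows while no inflationRecipient is set.
    function poolCheckpoint() public {
        if (inflationRecipient == address(0) && totalStaked > 0) {
            poolStakedIntegral += (RATE * (block.timestamp - lastUpdated) * 1e18) / totalStaked;
        }
        lastUpdated = block.timestamp;
    }

    function _userCheckpoint(address user) internal {
        poolCheckpoint();
        perUserShare[user] += (staked[user] * (poolStakedIntegral - userIntegral[user])) / 1e18;
        userIntegral[user] = poolStakedIntegral;
    }

    function stake(uint256 amount) external {
        _userCheckpoint(msg.sender);
        staked[msg.sender] += amount;
        totalStaked += amount;
    }

    // What the user actually receives: driven entirely by the checkpoint logic above.
    function claimRewards() external returns (uint256 amount) {
        _userCheckpoint(msg.sender);
        amount = perUserShare[msg.sender];
        perUserShare[msg.sender] = 0;
    }

    // Mirrors the reported defect: the view projects integral growth unconditionally,
    // so once inflationRecipient is set it reports more than claimRewards() will pay out.
    function claimableRewardsBuggy(address user) external view returns (uint256) {
        uint256 integral = poolStakedIntegral;
        if (totalStaked > 0) {
            integral += (RATE * (block.timestamp - lastUpdated) * 1e18) / totalStaked;
        }
        return perUserShare[user] + (staked[user] * (integral - userIntegral[user])) / 1e18;
    }

    // Recommended form: the same inflationRecipient == address(0) guard as poolCheckpoint(),
    // so the view and the state-changing claim agree.
    function claimableRewards(address user) external view returns (uint256) {
        uint256 integral = poolStakedIntegral;
        if (inflationRecipient == address(0) && totalStaked > 0) {
            integral += (RATE * (block.timestamp - lastUpdated) * 1e18) / totalStaked;
        }
        return perUserShare[user] + (staked[user] * (integral - userIntegral[user])) / 1e18;
    }
}
```

In a Foundry or Hardhat test the invariant to check is that, for any user and any block time, claimableRewards(user) equals the value a subsequent claimRewards() returns; with the model above, staking, then calling setInflationRecipient with a non-zero address, then advancing time makes claimableRewardsBuggy() grow while claimableRewards() and claimRewards() stay flat, which is exactly the discrepancy the report describes.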