Small Shamrock Rook
Medium
Updating last_lsttokenvalueWei when LST token value decreases will cause unfair reward accruals, causing loss to NUMA holders.
Upon extracting rewards, in extractInternal(), last_lsttokenvalueWei is set to currentvalueWei.
However, it could be the case that currentValueWei < last_lsttokenvalueWei, since the price feed values can fluctuate.
In such cases, the last token value should not be updated, as it means that when the lst value goes back up, rewards are incorrectly accrued on this increase.
Note that the official exchange rates (which represent accrued staking rewards) of LSTs with ETH are monotonically increasing. However, the price feed with ETH may fluctuate up and down, causing this issue.
rwd_threshold = 0 (as it currently is)
LST/ETH price feed value decreases. This is common and can be seen here in the rETH/ETH chart
- Price feed values LST at 1.05e18
- After an update, Price feed values LST at 1.1e18 (so rewards are accrued)
- After an update, Price feed values LST at 1.05e18 again
last_lsttokenvalueWeiis updated to 1.05e18- Then, the price feed values LST at 1.1e18 (rewards are accrued over the same price increase, twice)
Even though the staking rewards have not increased, price fluctuation paired with the incorrect accounting has made it seem like rewards have accrued twice. This extracts extra value from rETH depositors / NUMA holders.
Extra rewards are accrued, causing de-valuing of NUMA -> loss to NUMA holders.
No response
In NumaVault.extractInternal(), If currentValueWei < last_lsttokenvalueWei, don't update last_lsttokenvalueWei
This ensures that staking rewards are not double-accounted