Fast Khaki Raccoon
Medium
Sometimes rewards may not be accrued, which would enable users to claim them even if they have joined the pool after they have been distributed.
If the pool has high slippage it would revert the bellow try inside _swapForRewards which would enter us in the catch, which would just store the rewards, allowing the next caller of depositFromPairedLpToken or depositRewards to accrue them.
try DEX_ADAPTER.swapV3Single(
PAIRED_LP_TOKEN,
rewardsToken,
REWARDS_POOL_FEE,
_amountIn,
_amountIn == REWARDS_SWAP_OVERRIDE_MIN
? 0
: (_amountOut * (1000 - REWARDS_SWAP_SLIPPAGE)) / 1000,
address(this)
) {
_rewardsSwapAmountInOverride = 0;
if (_adminAmt > 0) {
_processAdminFee(_adminAmt);
}
_depositRewards(rewardsToken, IERC20(rewardsToken).balanceOf(address(this)) - _balBefore);
} catch {
_rewardsSwapAmountInOverride = _amountIn / 2 < REWARDS_SWAP_OVERRIDE_MIN
? REWARDS_SWAP_OVERRIDE_MIN
: _amountIn / 2;
IERC20(PAIRED_LP_TOKEN).safeDecreaseAllowance(address(DEX_ADAPTER), _amountIn);
emit RewardSwapError(_amountIn);
}No response
No response
- There are rewards to be processed
- The TWAP price to be calculated has a deviation % compared to the current spot price bigger than the slippage (can be purposefully manipulated by Alice by swapping enough to go over the allowed slippage compared to the TWAP price)
- Alice stakes and due to the slippage, we go in the catch block where the rewards are stored to be processed for next time, the reward per share is not updated
- Alice can now claim her rewards which will update the reward per share based on the rewards that were supposed to be processed last time but weren't due to the slippage revert
- Alice got rewards for a period she wasn't staked in which breaks the intended functionality, leads to a profit for Alice and leads to a loss of funds for other stakers
Users would claim rewards for time that they were not staked in.
No response
A simple fix would be to make the catch swap with lower slippage protection.