Omniscia Echidna Finance Audit

RewardPool Manual Review Findings

RewardPool Manual Review Findings

RPL-01M: Improper Unstaking Reward Tracking

TypeSeverityLocation
Logical FaultMajorRewardPool.sol:L208

Description:

The unStake function improperly updates the rewards for the msg.sender rather than the _for address, causing it to be out of sync.

Example:

contracts/rewards/RewardPool.sol
204function unStake(
205    address _for,
206    uint256 amount,
207    bool claim
208) public override updateReward(msg.sender) returns (bool) {

Recommendation:

We strongly recommend the _for argument to be passed in to the updateReward call instead as otherwise the staking reward system is compromised.

Alleviation:

The correct argument is now passed in to the updateReward modifier.

Prev

RewardFactory.sol (RFY-M)

Next

VeEcdRewardsPool.sol (VER-M)

On this page