TokenStreamSplitter Manual Review Findings

TSS-01M: Inefficient & Incorrect Distribution Count Evaluation

Type	Severity	Location
Logical Fault		TokenStreamSplitter.sol:L74, L76, L82, L87

Description:

The pending input amounts with update in the TokenStreamSplitter::_distribute function will not change within a single transaction, indicating that the gas-intensive evaluation loop should be processed once even if no rewards were obtained.

Additionally, a user interacting in a block where no new rewards have been observed will have lost any rewards from previous blocks as their poke operation will not be processed.

Impact:

Poke operations may operate on an outdated distributeCount value that may result in incorrect reward tracking.

Example:

Copy
73function _distribute() internal {
74    if (!_shouldDistribute()) return;
75    address[] memory inputTokens = _inputTokens();
76    bool modified;
77    for (uint256 i = 0; i < inputTokens.length; i++) {
78        address token = inputTokens[i];
79        uint128 pendingAmount = _pendingInputAmountWithUpdate(token);
80        uint128 lastSeen = lastSeenPendingInputAmounts[token];
81        if (pendingAmount > lastSeen) {
82            modified = true;
83            ledger.distribute(token, pendingAmount - lastSeen);
84            lastSeenPendingInputAmounts[token] = pendingAmount;
85        }
86    }
87    if (modified) distributeCount += 1;
88}

Recommendation:

We advise the distributeCount flag value to be set to 1 regardless of whether a reward was observed so as to optimize consequent invocations of the TokenStreamSplitter::_distribute function.

Alleviation (17c8d4e59f398021156f6f9657ff278aae0462ae):

The codebase was updated to mark the current distribution as being performed regardless of whether new amounts were observed, alleviating the exhibit in full.