Code4rena | CODE423N4:2021-10-COVALENT-FINDINGS-ISSUES-16
Oct 19, 2021 - 12:00 a.m.

Users could lose funds if the owner takes out a reward that is not a multiple of allocatedTokensPerEpoch


Handle

xYrYuYx

Vulnerability details

Impact

Users could lose funds if the owner takes out a reward that is not a multiple of allocatedTokensPerEpoch.

Proof of Concept

This is my test case to prove this issue.

This issue occurs because of Line 104
<https://github.com/code-423n4/2021-10-covalent/blob/main/contracts/DelegatedStaking.sol#L104>

Ex.
If allocatedTokensPerEpoch is 1 CQT
and the number of available epochs is now 10,
it means that there are 10 CQT available as a reward.
Now the owner can takeOut 5.5 CQT.
In this case, the reward amount will be reduced to 4.5 CQT, but the remaining epochs is still 5,
because 5.5 CQT / allocatedTokensPerEpoch = 5 (this is Solidity division).

So 0.5 CQT is missing from the reward, and this missing reward will be paid from the user’s staked amount.

Tools Used

Hardhat test

Recommended Mitigation Steps

Re-calculate amount to take out.

Update Line 113 to transferFromContract(owner(), epochs * allocatedTokensPerEpoch);
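
The numbers in the example above can be reproduced with a small BigInt model of the accounting, comparing the reported behaviour with the recommended mitigation. This is an added illustration, not part of the submission and not code from DelegatedStaking.sol; the pool fields, the function names and the 18-decimal token unit are assumptions.

```javascript
// Added illustration: BigInt model of the reward accounting in the finding.
// All names here are hypothetical; this is not the contract's code.
const CQT = 10n ** 18n; // assumed 18-decimal base units

function newPool(allocatedTokensPerEpoch, availableEpochs) {
  return {
    allocatedTokensPerEpoch,
    remainingEpochs: availableEpochs,
    rewardBalance: allocatedTokensPerEpoch * availableEpochs,
  };
}

// roundDown = false: the reported behaviour (the requested amount is transferred).
// roundDown = true: the recommended mitigation (epochs * allocatedTokensPerEpoch).
function takeOut(pool, amount, roundDown) {
  // BigInt division truncates, like Solidity integer division.
  const epochs = amount / pool.allocatedTokensPerEpoch;
  if (epochs > pool.remainingEpochs) throw new Error("amount exceeds rewards");
  const transferred = roundDown ? epochs * pool.allocatedTokensPerEpoch : amount;
  return {
    ...pool,
    remainingEpochs: pool.remainingEpochs - epochs,
    rewardBalance: pool.rewardBalance - transferred,
    transferred,
  };
}

// Rewards still promised for the remaining epochs minus rewards actually held.
// A non-zero result is the part that would come out of staked funds.
function shortfall(pool) {
  const owed = pool.remainingEpochs * pool.allocatedTokensPerEpoch;
  return owed > pool.rewardBalance ? owed - pool.rewardBalance : 0n;
}

function demo() {
  const pool = newPool(1n * CQT, 10n);   // 1 CQT per epoch, 10 epochs
  const amount = (55n * CQT) / 10n;      // owner takes out 5.5 CQT
  return {
    reported: takeOut(pool, amount, false),
    mitigated: takeOut(pool, amount, true),
  };
}

const { reported, mitigated } = demo();
console.log("reported shortfall (base units):", shortfall(reported).toString());
console.log("mitigated shortfall (base units):", shortfall(mitigated).toString());
```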

