Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2022-02-ANCHOR-FINDINGS-ISSUES-32
HistoryMar 09, 2022 - 12:00 a.m.

bETH rewards can be timed

2022-03-0900:00:00
Code4rena
github.com
5
JSON

Lines of code

Vulnerability details

Impact

The bETH reward contract allocates new rewards sent to the contract whenever update_global_index is called.
It should be possible to time the transfer of the rewards to the contract and frontrun it with increasing one’s token balance to capture more rewards, then decrease one’s balance again.
Validators can do it when they see the reward transfer, standard users might be able to time it as well if these reward transfers do not happen randomly.

Recommended Mitigation Steps

Consider not distributing all payments directly on reward transfer / update_global_index call but stream them over a fixed period, similar to what is done with the β€œschedules” in anchor/contracts/anchor-token-contracts/contracts/staking/src/contract.rs.

The text was updated successfully, but these errors were encountered:

All reactions

JSON