Code4rena (code423n4) | CODE423N4:2022-02-ANCHOR-FINDINGS-ISSUES-7
Mar 08, 2022 - 12:00 a.m.

Rewards can be stolen from contract



Vulnerability details

The execute_claim_rewards, execute_decrease_balance and execute_increase_balance functions in the anchor_basset_reward contract do not update the global index before calculating user rewards.
This can lead to serious consequences:

  1. execute_increase_balance function: Since the global index is not updated, the newly added balance is onboarded with the previous global index, which could be lower than the current global index. If the global index is updated later and the user then claims, the user will receive a higher reward for the amount they added, which is incorrect.
  2. execute_claim_rewards/execute_decrease_balance: Since the global index is not updated, the user's claim amount is calculated from an older global index, which means the user will receive a smaller payout than they were entitled to.


Proof of Concept

  1. Global index is 1
  2. Multiple transactions happen in which users claim rewards and balances are increased and decreased.
  3. Since the execute_update_global_index function was not called, the global index remains 1 instead of 1+a.
  4. Assume User A has an existing balance of 1000.
  5. The execute_increase_balance function is called for User A with a balance amount of 500.
  6. Since the global index is still 1, the reward for User A is calculated on the amount 1000 with global index 1. The amount 500 is also added for User A, and holder.index is set to 1 instead of 1+x.
  7. The admin calls the execute_update_global_index function, which updates the global index to 1+x.
  8. User A calls execute_claim_rewards, which computes the rewards for the full amount 1000+500 with global index 1+x. This is wrong, since the global index was not updated and should already have been 1+x when the user added the 500 amount.
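
The PoC sequence above as a simplified model, added here as an illustration and not taken from the anchor_basset_reward source. It assumes the global index grows by undistributed rewards divided by total balance; `Pool`, `Holder`, `settle`, `run_poc`, the fixed-point scale and the sample balances are hypothetical and constructed for the example.

```rust
// Added illustration: simplified model, not the anchor_basset_reward source.
const SCALE: u128 = 1_000_000; // fixed-point scale for the index (assumed)

struct Pool { global_index: u128, total_balance: u128, undistributed: u128 }
struct Holder { balance: u128, index: u128, pending: u128 }

impl Pool {
    // Fold rewards received since the last update into the global index.
    fn update_global_index(&mut self) {
        if self.total_balance > 0 {
            self.global_index += self.undistributed * SCALE / self.total_balance;
            self.undistributed = 0;
        }
    }
    // Settle what the holder earned on the current balance, then sync the index.
    // refresh = false reproduces the reported behaviour (stale global index).
    fn settle(&mut self, h: &mut Holder, refresh: bool) {
        if refresh { self.update_global_index(); }
        h.pending += h.balance * (self.global_index - h.index) / SCALE;
        h.index = self.global_index;
    }
    fn increase_balance(&mut self, h: &mut Holder, amount: u128, refresh: bool) {
        self.settle(h, refresh);
        h.balance += amount;
        self.total_balance += amount;
    }
    fn claim(&mut self, h: &mut Holder, refresh: bool) -> u128 {
        self.settle(h, refresh);
        std::mem::take(&mut h.pending)
    }
}

// Returns (User A payout, User B payout) for the PoC sequence.
fn run_poc(refresh: bool) -> (u128, u128) {
    // Constructed state: A and B hold 1000 each, 200 rewards not yet indexed.
    let mut pool = Pool { global_index: SCALE, total_balance: 2000, undistributed: 200 };
    let mut a = Holder { balance: 1000, index: SCALE, pending: 0 };
    let mut b = Holder { balance: 1000, index: SCALE, pending: 0 };
    pool.increase_balance(&mut a, 500, refresh); // PoC steps 5-6
    pool.update_global_index();                  // PoC step 7 (admin call)
    (pool.claim(&mut a, refresh), pool.claim(&mut b, refresh)) // PoC step 8
}

fn main() {
    println!("stale index:     {:?}", run_poc(false));
    println!("refreshed first: {:?}", run_poc(true));
}
```

With the stale index, the 500 added by User A earns a share of rewards that accrued before it was deposited, and that share comes out of User B's payout.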

Recommendation:

This should be revised as done in the contract below:
<https://github.com/code-423n4/2022-02-anchor/blob/main/contracts/anchor-bEth-contracts/contracts/anchor_beth_reward/src/user.rs>

