The ConvexStakingWrapper._calcRewardIntegral function makes the d_reward = IERC20(reward.token).balanceOf(address(this)); - reward.remaining amount available for claiming.
Then it updates the reward.remaining value to the balance before the distribution.
RewardType memory reward = rewards[_pid][_index];
//get difference in balance and remaining rewards
//getReward is unguarded so we use remaining to keep track of how much was actually claimed
uint256 bal = IERC20(reward.token).balanceOf(address(this));
uint256 d_reward = bal - reward.remaining;
// ...
IERC20(reward.token).transfer(address(claimContract), d_reward);
// ...
//update remaining reward here since balance could have changed if claiming
if (bal != reward.remaining) {
reward.remaining = uint128(bal);
}
rewards[_pid][_index] = reward;
Itβs unclear what the reasoning is but it leads to delayed distributions and breaks withdrawals as uint256 d_reward = bal - reward.remaining; will underflow next time.
Clarify how the reward.remaining variable is supposed to work and fix it.
The text was updated successfully, but these errors were encountered:
All reactions