Lines of code
Vulnerability details
Impact
When adding new token pool for staking in MasterChef contract
function add(address _token, uint _allocationPoints, uint16 _depositFee, uint _startBlock)
All other, already added, pools should be updated but currently they are not.
Instead, only totalPoints is updated. Therefore, old (and not updated) pools will lose itβs share during the next update.
Therefore, user rewards are not computed correctly (will be always smaller).
Proof of Concept
Scenario 1:
- Owner adds new pool (first pool) for staking with points = 100 (totalPoints=100)
and 1 block later Alice stakes 10 tokens in the first pool.
- 1 week passes
- Alice withdraws her 10 tokens and claims X amount of reward tokens.
and 1 block later Bob stakes 10 tokens in the first pool.
- 1 week passes
- Owner adds new pool (second pool) for staking with points = 100 (totalPoints=200)
and 1 block later Bob withdraws his 10 tokens and claims X/2 amount of reward tokens.
But he should get X amount
Scenario 2:
- Owner adds new pool (first pool) for staking with points = 100 (totalPoints=100).
- 1 block later Alice, Bob and Charlie stake 10 tokens there (at the same time).
- 1 week passes
- Owner adds new pool (second pool) for staking with points = 400 (totalPoints=500)
- Right after that, when Alice, Bob or Charlie wants to withdraw tokens and claim rewards they will only be able to claim 20% of what they should be eligible for, because their pool is updated with 20% (100/500) rewards instead of 100% (100/100) rewards for the past week.
Tools Used
Manual review
Recommended Mitigation Steps
Update all existing pools before adding new pool. Use the massUdpate() function which is already present β¦ but unused.
The text was updated successfully, but these errors were encountered:
All reactions