function updateRewardsMetadata(Common.Distribution[] calldata distributions)
external
onlyRole(DEFAULT_ADMIN_ROLE)
{
require(distributions.length > 0, "Invalid distributions");
IRewardDistributor(distributor).updateRewardsMetadata(distributions);
}
In the current implementation, DEFAULT_ADMIN_ROLE of BribeVault can call updateRewardsMetadata() to update the rewards metadata for the specified identifiers.
When a distribution’s metadata is updated, it will also increase the updateCount and reset the claimed tracker.
function updateRewardsMetadata(
Common.Distribution[] calldata _distributions
) external {
require(msg.sender == bribeVault, "Invalid access");
require(_distributions.length > 0, "Invalid _distributions");
for (uint256 i = 0; i < _distributions.length; i++) {
// Update the metadata and also increment the update to reset the claimed tracker
Reward storage reward = rewards[_distributions[i].rewardIdentifier];
reward.token = _distributions[i].token;
reward.merkleRoot = _distributions[i].merkleRoot;
reward.proof = _distributions[i].proof;
reward.updateCount += 1;
emit RewardMetadataUpdated(
_distributions[i].rewardIdentifier,
_distributions[i].token,
_distributions[i].merkleRoot,
_distributions[i].proof,
reward.updateCount
);
}
}
However, when the network is congested, DEFAULT_ADMIN_ROLE of BribeVault may mistakenly send 2 updateRewardsMetadata() txs, and the transactions can be packaged into different blocks.
Let’s say there 2 updateRewardsMetadata() tx with the same calldata, if someone claims rewards in between the two txs, then they can claim again after the second transaction.
Given:
Change to:
struct UpdateDistribution {
bytes32 rewardIdentifier;
address token;
bytes32 merkleRoot;
bytes32 proof;
uint256 prevUpdateCount;
}
function updateRewardsMetadata(
Common.UpdateDistribution[] calldata _distributions
) external {
require(msg.sender == bribeVault, "Invalid access");
require(_distributions.length > 0, "Invalid _distributions");
for (uint256 i = 0; i < _distributions.length; i++) {
require(reward.updateCount == _distributions[i].prevUpdateCount, "Invalid updateCount");
// Update the metadata and also increment the update to reset the claimed tracker
Reward storage reward = rewards[_distributions[i].rewardIdentifier];
reward.token = _distributions[i].token;
reward.merkleRoot = _distributions[i].merkleRoot;
reward.proof = _distributions[i].proof;
reward.updateCount += 1;
emit RewardMetadataUpdated(
_distributions[i].rewardIdentifier,
_distributions[i].token,
_distributions[i].merkleRoot,
_distributions[i].proof,
reward.updateCount
);
}
}
The text was updated successfully, but these errors were encountered:
All reactions