If rewards are given in fee-on-transfer tokens, users may get no rewards, breaking functionality
Med: Assets not at direct risk, but the function of the protocol or its availability could be impacted, or :::leak value with a hypothetical attack path with stated assumptions:::, but external requirements.
(emphasis mine)
The underlying BAL protocol supports fee-on-transfer tokens, so Aura should as well.
File: contracts/ExtraRewardsDistributor.sol #1
    function _addReward(
        address _token,
        uint256 _amount,
        uint256 _epoch
    ) internal nonReentrant {
        // Pull before reward accrual
        IERC20(_token).safeTransferFrom(msg.sender, address(this), _amount);

        //convert to reward per token
        uint256 supply = auraLocker.totalSupplyAtEpoch(_epoch);
        uint256 rPerT = (_amount * 1e20) / supply;
        rewardData[_token][_epoch] += rPerT;
If a fee is charged, the total amount available to be transferred later will be less than the _amount passed in.
Consider the following scenario:
User A holds 98% of the total supply of vlBAL (the system is being bootstrapped)
User B holds 1%
User C holds 1%
Code inspection
Measure the contract balance before and after the transfer, and use the difference as the amount, rather than the stated amount.
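The balance-delta measurement recommended above, written out as an added example; this is not Aura's code. The contract name `RewardIntakeExample`, the two minimal interfaces and the inline reentrancy lock are assumptions made so the block compiles on its own, and the plain `transferFrom` stands in for the `safeTransferFrom` the original uses.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal interfaces so the example compiles alone (assumed, not Aura's files).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

interface ILocker {
    function totalSupplyAtEpoch(uint256 epoch) external view returns (uint256);
}

// Hypothetical stand-in for the distributor; only the reward intake path is shown.
contract RewardIntakeExample {
    ILocker public immutable auraLocker;
    // token -> epoch -> reward per locked token, scaled by 1e20 as in the original
    mapping(address => mapping(uint256 => uint256)) public rewardData;
    bool private locked;

    constructor(ILocker _locker) {
        auraLocker = _locker;
    }

    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    function addReward(address _token, uint256 _amount, uint256 _epoch) external nonReentrant {
        IERC20 token = IERC20(_token);

        // Record the balance before pulling, so any transfer fee shows up as a delta.
        uint256 balanceBefore = token.balanceOf(address(this));
        // The original uses SafeERC20.safeTransferFrom; keep that in real code.
        require(token.transferFrom(msg.sender, address(this), _amount), "transfer failed");
        uint256 received = token.balanceOf(address(this)) - balanceBefore;

        // Accrue on what actually arrived, not on the caller-stated _amount.
        uint256 supply = auraLocker.totalSupplyAtEpoch(_epoch);
        uint256 rPerT = (received * 1e20) / supply;
        rewardData[_token][_epoch] += rPerT;
    }
}
```

With a token that charges no fee, `received` equals `_amount` and the accounting is unchanged.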