Code4rena (code423n4): CODE423N4:2023-03-NEOTOKYO-FINDINGS-ISSUES-437
Mar 15, 2023

Total reward is miscalculated

Lines of code

Vulnerability details

Impact

In getPoolReward, the calculation of totalReward is wrong because the reward rate is not updated.
When block.timestamp is less than or equal to window.startTime, the reward rate should equal the current window's rate, not the previous one.

Proof of Concept

NeoTokyoStaker.sol#L1332

/*
	Iterate forward to the present timestamp over any unclaimed reward 
	windows.
*/
for (uint256 j = i; j < windowCount; ) {

	// If the current time falls within this window, complete.
	if (block.timestamp <= window.startTime) {
		unchecked {
			uint256 timeSinceReward = block.timestamp - lastPoolRewardTime;
			totalReward += currentRewardRate * timeSinceReward;	// @ audit currentRewardRate must be updated
		}

Tools Used

Manual review

Recommended Mitigation Steps

In this context, update currentRewardRate to the current window's rate.

diff --git a/contracts/staking/NeoTokyoStaker.sol b/contracts/staking/NeoTokyoStaker.sol
index a54d218..9aa2840 100644
--- a/contracts/staking/NeoTokyoStaker.sol
+++ b/contracts/staking/NeoTokyoStaker.sol
@@ -1329,6 +1329,7 @@ contract NeoTokyoStaker is PermitControl, ReentrancyGuard {
        if (block.timestamp <= window.startTime) {
                unchecked {
                        uint256 timeSinceReward = block.timestamp - lastPoolRewardTime;
+                       currentRewardRate = window.reward;
                        totalReward += currentRewardRate * timeSinceReward; 
                        }  
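Review bot: The added assignment currentRewardRate = window.reward sits under the guard block.timestamp <= window.startTime, so the interval it prices (block.timestamp - lastPoolRewardTime) ends at or before this window's start, and the new line charges that whole interval at the rate of a window that has not begun yet. Please add a test that spans a window boundary and confirm which rate that interval belongs to before merging. The assignment also does no arithmetic, so if it stays it can move outside the unchecked block.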

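A differential check a reviewer could run to decide which rate belongs in the branch discussed above, written as an added Python model that is not code from the contract or from the report. It assumes a window's rate applies from its startTime until the next window's startTime; the window values and the part of the loop the page cuts off are constructed for the model.

```python
# Added model for review, not NeoTokyoStaker code. Assumption: a window's
# reward rate applies from its startTime until the next window's startTime.
WINDOWS = [(0, 10), (100, 4), (200, 1)]  # constructed (startTime, rate) pairs


def reference_reward(windows, last, now):
    """Brute force: sum the rate in force during each second of [last, now)."""
    total = 0
    for t in range(last, now):
        # Latest window that has already started at second t (tuples sort by start).
        total += max((w for w in windows if w[0] <= t), default=(0, 0))[1]
    return total


def windowed_reward(windows, last, now, patched):
    """Walk the windows the way the excerpt's loop does.

    The `now <= start` branch is the one shown on the page; `patched` applies
    the diff's assignment there. The rest is an assumed reconstruction.
    """
    i = next((k for k, w in enumerate(windows) if last < w[0]), len(windows))
    rate = windows[i - 1][1] if i else 0   # rate in force at `last`
    total = 0
    for start, reward in windows[i:]:
        if now <= start:                   # branch quoted in the finding
            if patched:
                rate = reward              # currentRewardRate = window.reward
            return total + rate * (now - last)
        total += rate * (start - last)     # accrue up to the window boundary
        rate, last = reward, start         # then switch to this window's rate
    return total + rate * (now - last)     # past the last window start


def mismatches(windows, patched, horizon=260):
    """Return (last, now) pairs where the loop disagrees with brute force."""
    return [(a, b) for a in range(0, horizon, 10) for b in range(a, horizon, 10)
            if windowed_reward(windows, a, b, patched)
            != reference_reward(windows, a, b)]


if __name__ == "__main__":
    print("original mismatches:", len(mismatches(WINDOWS, patched=False)))
    print("patched mismatches: ", len(mismatches(WINDOWS, patched=True)))
```

Swapping in the protocol's intended window semantics for the stated assumption changes only reference_reward; the comparison itself stays the same.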