CODE423N4:2023-05-VENUS-FINDINGS-ISSUES-535 (Code4rena)
May 15, 2023 - 12:00 a.m.

Unfair handling of rewards for users with a high amount of rewards

Code4rena
github.com

Lines of code

Vulnerability details

Users can claim their rewards in RewardDistributor.claimRewardToken(). The reward handling part is done in _grantRewardToken():

    function _grantRewardToken(address user, uint256 amount) internal returns (uint256) {
        uint256 rewardTokenRemaining = rewardToken.balanceOf(address(this));
        // All-or-nothing: transfer only when the full amount is available
        if (amount > 0 && amount <= rewardTokenRemaining) {
            rewardToken.safeTransfer(user, amount);
            return 0;
        }
        // Otherwise nothing is sent and the whole amount is returned as still owed
        return amount;
    }

The function transfers the rewards to the caller. If the contract's token balance is lower than the requested amount, the function transfers nothing and simply returns the amount.

While this logic is by design, it is unfair to users.

Users with a high rewardTokenAccrued will not be able to get any reward if the balance is not sufficient. In the meantime, other users with a lower reward claim will still be able to claim.

Impact

In a situation where the total rewardTokenAccrued is high enough (i.e. the protocol owner needs to periodically transfer tokens to allow users to claim their rewards), users with high rewards can be griefed and not be able to claim any reward for a while.

Tools Used

Manual Analysis

Recommended Mitigation Steps

Allow users to specify how much they want to claim, so that users with a lot of rewards are not penalized.

Assessed type

Other
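
A sketch of the recommended mitigation, added here as an example; it is not code from the report or from the Venus code base. The contract name, the `_credit` hook, the `requested` parameter and the event are hypothetical, accrual logic is omitted, and capping the payout at the contract's balance is an assumption that goes one step beyond the recommendation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical, simplified distributor (not the Venus RewardDistributor).
abstract contract PartialClaimDistributor {
    using SafeERC20 for IERC20;

    IERC20 public immutable rewardToken;
    mapping(address => uint256) public rewardTokenAccrued;

    event RewardClaimed(address indexed user, uint256 paid, uint256 stillOwed);

    constructor(IERC20 rewardToken_) {
        rewardToken = rewardToken_;
    }

    /// Assumed hook: the omitted accrual logic calls this to credit rewards.
    function _credit(address user, uint256 amount) internal {
        rewardTokenAccrued[user] += amount;
    }

    /// Claim up to `requested` of the caller's accrued rewards.
    /// Pass type(uint256).max to claim as much as is currently payable.
    function claimRewardToken(uint256 requested) external returns (uint256 paid) {
        uint256 accrued = rewardTokenAccrued[msg.sender];
        paid = requested < accrued ? requested : accrued;

        // Cap by the contract's balance instead of skipping the transfer,
        // so a large claimant receives whatever is available right now.
        uint256 remaining = rewardToken.balanceOf(address(this));
        if (paid > remaining) paid = remaining;
        if (paid == 0) return 0;

        // Effects before interaction: debit only what is actually paid;
        // the unpaid part stays claimable in a later call.
        uint256 stillOwed = accrued - paid;
        rewardTokenAccrued[msg.sender] = stillOwed;
        emit RewardClaimed(msg.sender, paid, stillOwed);
        rewardToken.safeTransfer(msg.sender, paid);
    }
}
```

With this shape, a claimant owed more than the current balance is paid the available part and keeps the remainder on the books, rather than being skipped while smaller claims succeed.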

