Lines of code
<https://github.com/code-423n4/2023-08-livepeer/blob/a3d801fa4690119b6f96aeb5508e58d752bda5bc/contracts/bonding/libraries/EarningsPoolLIP36.sol#L59>
The vulnerable part in the code:

```solidity
        // Fall back to percPoints(1, 1) when the previous pool has no factor recorded
        uint256 prevCumulativeRewardFactor = _prevEarningsPool.cumulativeRewardFactor != 0
            ? _prevEarningsPool.cumulativeRewardFactor
            : PreciseMathUtils.percPoints(1, 1);
        earningsPool.cumulativeRewardFactor = prevCumulativeRewardFactor.add(
            PreciseMathUtils.percOf(prevCumulativeRewardFactor, _rewards, earningsPool.totalStake)
        );
    }
}
```
`prevCumulativeRewardFactor` is initialized to `_prevEarningsPool.cumulativeRewardFactor` if it's not equal to zero; otherwise it's initialized to `PreciseMathUtils.percPoints(1, 1)`.
The problem is that if `_prevEarningsPool.cumulativeRewardFactor` is zero, it's being set to `PreciseMathUtils.percPoints(1, 1)`, which is equivalent to 1 in terms of percentage points. This might not be the desired behavior, especially if `_prevEarningsPool.cumulativeRewardFactor` is meant to represent a cumulative factor, and it can lead to incorrect calculations and potentially affect reward distribution for users in an earnings pool.
here real Scenario:
manual review
An example of how to fix the issue:

```solidity
uint256 prevCumulativeRewardFactor;
if (_prevEarningsPool.cumulativeRewardFactor != 0) {
    prevCumulativeRewardFactor = _prevEarningsPool.cumulativeRewardFactor;
} else {
    prevCumulativeRewardFactor = PreciseMathUtils.percPoints(1, 1);
}
earningsPool.cumulativeRewardFactor = prevCumulativeRewardFactor.add(
    PreciseMathUtils.percOf(prevCumulativeRewardFactor, _rewards, earningsPool.totalStake)
);
```
Other
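
Added example, not part of the original report or the project's code: a Python integer model of the update in the two snippets above, so both forms can be run on the same inputs next to a hypothetical variant that has no fallback. The `PERC_DIVISOR` value and the helper arithmetic are assumptions standing in for `PreciseMathUtils`, and the sample inputs are constructed.

```python
# ASSUMPTION: fixed-point helpers with 27 decimal places, standing in for
# PreciseMathUtils; the constant and rounding are not taken from the page.
PERC_DIVISOR = 10**27


def perc_points(frac_num, frac_denom):
    """Fraction frac_num/frac_denom expressed in fixed-point units."""
    return frac_num * PERC_DIVISOR // frac_denom


def perc_of(amount, frac_num, frac_denom):
    """amount * (frac_num/frac_denom), using integer division like the EVM."""
    return amount * perc_points(frac_num, frac_denom) // PERC_DIVISOR


def update_ternary(prev_factor, rewards, total_stake):
    """Model of the snippet the report labels as vulnerable."""
    base = prev_factor if prev_factor != 0 else perc_points(1, 1)
    return base + perc_of(base, rewards, total_stake)


def update_if_else(prev_factor, rewards, total_stake):
    """Model of the snippet the report proposes as the fix."""
    if prev_factor != 0:
        base = prev_factor
    else:
        base = perc_points(1, 1)
    return base + perc_of(base, rewards, total_stake)


def update_no_fallback(prev_factor, rewards, total_stake):
    """Hypothetical variant: a zero previous factor is used as-is."""
    return prev_factor + perc_of(prev_factor, rewards, total_stake)


# Constructed inputs: (previous factor, rewards, total stake)
CASES = [
    (0, 100, 1000),                    # no factor recorded yet
    (perc_points(1, 1), 100, 1000),    # previous factor of exactly 1
    (perc_points(11, 10), 50, 2000),   # previous factor of 1.1
]


def compare(cases=CASES):
    """Return (ternary, if_else, no_fallback) results for each case."""
    return [(update_ternary(*c), update_if_else(*c), update_no_fallback(*c))
            for c in cases]


if __name__ == "__main__":
    for case, row in zip(CASES, compare()):
        print(case, row)
```
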