Lines of code
<https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L226-L237>
Assume a user buys some shares and mints it to an NFT and sends the shares to a cold wallet for safety. The following happens:
function _getRewardsSinceLastClaim(uint256 _id) internal view returns (uint256 amount) {
uint256 lastClaimedValue = rewardsLastClaimedValue[_id][msg.sender];
amount =
((shareData[_id].shareHolderRewardsPerTokenScaled - lastClaimedValue) * tokensByAddress[_id][msg.sender]) /
1e18;
}
As at the time of reward computation, tokensByAddress[_id][msg.sender] would be equal to zero. The value is only updated after the latest reward is updated.
In the burnNFT:
uint256 rewardsSinceLastClaim = _getRewardsSinceLastClaim(_id);
rewardsLastClaimedValue[_id][msg.sender] = shareData[_id].shareHolderRewardsPerTokenScaled;
tokensByAddress[_id][msg.sender] += _amount;
Manual review.
Keep the tokensByAddress constant except when transfers or burning occur.
Other
The text was updated successfully, but these errors were encountered:
All reactions