2 matches found
Reward distribution logic of the ProtocolRewardsPool and EUSDMiningIncentives contracts are fundamentally wrong, resulting in excess rewards for users
Lines of code Vulnerability details Impact The reward distribution logic of the ProtocolRewardsPool and EUSDMiningIncentives contracts effectively allow a user to mint much more rewards than they should be allowed to. This is possible because, unlike a true implementation of the synthetix staking...
Attacker could make deposits of 1 wei in the yield contract to prevent excess rewards from being withdrawn
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept If an attacker makes many deposits of 1 wei the staking pool creator will have to make the withdraws himself to remove the unclaimed reward tokens. This can mean the pool creator will...