14 matches found
changeRewardSpeed function at the MultiRewardStaking contract is incorrectly implemented and can leave the staking of a token on a denial of service state (copy)
Lines of code Vulnerability details Impact The changeRewardSpeed function from the MultiRewardStaking.sol contract lacks documentation on how exactly it should work. By its name and some comments above it, I infer that the function must change the rate of tokens rewards per unit of time. For...
Missed owner accrual in MultiRewardStaking _withdraw() leads to reward loss
Lines of code Vulnerability details Impact Function withdraw can be called from an approved caller to withdraw owner funds. The function accrues rewards for caller and receiver but misses the accrual for owner. If, for example, the owner didn't accrue any reward from the beginning of time and all...
Risk of reentrancy attacks in the claimRewards function
Lines of code Vulnerability details Impact The claimRewards function in the MultiRewardStaking contract is used by users to claim token rewards, but because the function does not contain a nonReentrant modifier and does not implement the CEI standard check-effect-interact it can be subject to...
Wrong first parameter for _calcRewardsEnd when changing reward speed
Lines of code Vulnerability details Impact The function calcRewardsEnd is called with the previousEndTime as first parameter in MultiRewardStaking.changeRewardSpeed, which leads to wrong calculation of the new rewardsEndTimestamp, causing it to be later than it should be. This will lead to more...
MultiRewardStaking does not work with fee-on-transfer tokens
Lines of code Vulnerability details The way MultiRewardStaking handles deposits does not work with fee-on-transfer tokens: deposit uses convertToShares to compute the number of shares to mint, which returns assets - ie a 1:1 equivalence between shares and the number of asset tokens. 98: function...
MultiRewardStaking claimRewards() reentrancy for ERC-777 reward tokens
Lines of code Vulnerability details Impact A hacker can drain an ERC-777 reward token funds via reentrancy. This is because in the claimRewards function, the transfer of the reward token which triggers the hacker's ERC-777 hook takes place before setting accruedRewardsuserrewardTokensi to zero...
claimRewards is not re-entrancy safe.
Lines of code Vulnerability details Impact In MultiRewardStaking the function claimRewards doesn’t have nonReentrant which makes it possible to re-enter the function. If one of the reward tokens in ERC-777 token, it is possible to re-enter and claim the reward again and again until the contract i...
reentrancy in MultiRewardStaking::claimRewards for tokens with transfer callbacks, like erc777
Lines of code Vulnerability details Impact An attacker can drain all the tokens from MultiRewardStaking Proof of Concept In claimtRewards important state changes are done after interactions with tokens: File: MultiRewardStaking.sol function claimRewardsaddress user, IERC20 memory rewardTokens...
Overflow tokens
Lines of code Vulnerability details Impact If admin will add more than 255 tokens in rewardToken, there would'nt any way to withdraw tokens or claim rewards Proof of Concept for example: all users deposit their money.After some time admin's add more tokensa, length of array with Token grow's to...
RewardTokens can be locked in MultiRewardStaking contract when the rewardsEndTimestamp of the rewardsTokens are different.
Lines of code Vulnerability details Impact To claim reward tokens from the MultiRewardStaking contract deployed, a user must call claimRewardsaddress user, IERC20 memory rewardsTokens. The rewardsTokens array is populated with getAllRewardsTokens which returns all the reward Tokens the...
MultiRewardStaking._accrueRewards can lead to loss of rewards for lower decimal tokens
Lines of code Vulnerability details Rewards accrual is computed in the following way: 406: deltaIndex = accrued.mulDivuint25610decimals, supplyTokens, Math.Rounding.Down.safeCastTo224; This can lead to truncation for low decimal tokens: Consider an instance with DAI as the asset, with a total of...
Incorrect computation in MultiRewardStaking changeRewardSpeed() leads to loss of rewards
Lines of code Vulnerability details Impact The changeRewardSpeed function computes rewardsEndTimestamp incorrectly for the case block.timestamp block.timestamp ? prevEndTime : block.timestamp.safeCastTo32, rewardsPerSecond, remainder If the prevEndTime block.timestamp then it can be reduced to...
Any user can drain the entire reward fund in MultiRewardStaking due to incorrect calculation of supplierDelta
Lines of code Vulnerability details Impact Reward deltaIndex in accrueRewards is multiplied by 10decimals but eventually divided by rewards.ONE which is equal to 10IERC20MetadataaddressrewardToken.decimals in accrueUser. If the number of decimals in MultiRewardEscrow share token differs from the...
Unsafe token transfer in MultiRewardStaking and VaultController contracts
Lines of code Vulnerability details Impact The vulnerability in the MultiRewardStaking and VaultController contracts lies in the usage of the transfer and transferFrom functions, which does not provide the safety checks for the transfer of tokens, especially since the reward token can have...