20,000 USDC
Submission Details
Severity: high
Valid

Exploitable Reward Distribution via Sandwich Attack

Summary

A significant vulnerability has been identified in the staking contract where an attacker can exploit the reward distribution mechanism to receive staking rewards without maintaining a consistent stake in the contract. By leveraging a sandwich attack, an attacker can manipulate the sequence of transactions to unfairly claim rewards intended for genuine stakers.

Vulnerability Details

The staking contract is designed to distribute incoming rewards in WETH fairly among stakers based on their staked amount. However, the current design is vulnerable to a sandwich attack, where an attacker can:

1- Monitor the mempool for pending WETH transfer transactions intended for the staking contract.
2- Front-run the detected transaction by depositing a significant amount into the staking contract, effectively becoming a staker just before the reward is distributed.
3- Immediately after the reward distribution, back-run the detected transaction by withdrawing their deposit from the staking contract.

By executing this sequence, the attacker can claim 100% of their share of the rewards without maintaining a long-term stake in the contract, thereby depriving genuine stakers of their rightful rewards.

Impact

Genuine stakers might receive fewer rewards than they are entitled to, as the attacker siphons off a significant portion while not staking long term.

Tools Used

Manual Review

Recommendations

Implement a lock-up or cooldown period for deposits and withdrawals. This would mean that after depositing, a user cannot immediately withdraw their stake for a specified duration, preventing the described sandwich attack.
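
The following is an added example, not code from the audited contract: a small Python model of pro-rata reward accounting with the recommended cooldown, useful as a test oracle when implementing the fix. All names (`StakingModel`, `run_scenario`, the staker labels) and the amounts are hypothetical, and the reward-per-share accumulator is an assumed accounting scheme, since the report does not show the contract's own.

```python
PRECISION = 10**18  # fixed-point scale, as on-chain integer math would use

class CooldownActive(Exception):
    """Models the revert when a withdrawal is attempted too early."""

class StakingModel:
    def __init__(self, cooldown=0):
        self.cooldown = cooldown      # seconds a deposit must age before exit
        self.total = 0                # total staked
        self.acc = 0                  # cumulative reward per staked unit (scaled)
        self.stake, self.paid, self.owed, self.last_deposit = {}, {}, {}, {}

    def _settle(self, user):
        # Credit rewards accrued since the user's last checkpoint.
        gained = self.stake.get(user, 0) * (self.acc - self.paid.get(user, 0))
        self.owed[user] = self.owed.get(user, 0) + gained // PRECISION
        self.paid[user] = self.acc

    def deposit(self, user, amount, now):
        self._settle(user)
        self.stake[user] = self.stake.get(user, 0) + amount
        self.total += amount
        self.last_deposit[user] = now  # every deposit restarts the cooldown

    def distribute(self, reward):
        if self.total == 0:
            raise ValueError("no stakers to reward")
        self.acc += reward * PRECISION // self.total

    def withdraw(self, user, now):
        if now - self.last_deposit[user] < self.cooldown:
            raise CooldownActive(user)
        self._settle(user)
        amount = self.stake.pop(user)
        self.total -= amount
        return amount, self.owed.pop(user, 0)

def run_scenario(cooldown):
    # Constructed sample: one long-term staker, one deposit arriving just before a reward.
    m = StakingModel(cooldown)
    m.deposit("long_term", 100, now=0)
    m.deposit("late", 900, now=1_000)
    m.distribute(1_000)
    try:
        m.withdraw("late", now=1_000)  # exit in the same instant as the reward
        blocked = False
    except CooldownActive:
        blocked = True
    m._settle("long_term")
    return {"exit_blocked": blocked, "long_term_reward": m.owed["long_term"],
            "late_still_staked": m.stake.get("late", 0)}
```

With `cooldown=0` the late deposit exits immediately after the reward; with a non-zero cooldown the same withdrawal reverts and the deposit stays staked until the period has elapsed.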
