Users may receive less rewards when depositing in `Staking.sol`
Summary
The deposit function in Staking.sol transfers TKN from the user to the contract befoe calling updateFor which could lead to a reduced amount of shares for the user.
Vulnerability Details
The deposit function in Staking.sol updates the user's position after the user has transferred TKN to the contract. During the update, the contract's balance of TKN is used to calculate the increase for the index. A larger TKN amount would mean a smaller increase.
The index is then used in updateFor when calculating accumulated shares for the user.
Update after:
-
User has 1000e18 of TKN in their balance. The contract has 100,000e18 tokens and 5,000e18 WETH. The current index is 1e18.
-
The user deposits 500e18 TKN which increases the contract's TKN amount to 100,500e18. Then the deposit function calls updateFor.
-
In update, the new ratio is 5,000e18 * 1e18 / 100,500e18 which is roughly 0.04975e18. The new index is 1.04975e18.
-
In updateFor, the share for the user is calculated as 1000e18 * 0.04975e18 / 1e18 == 49.75e18.
Update before:
-
The user calls deposit which calls update. In update, the new ratio is 5,000e18 * 1e18 / 100,000e18 == 0.05e18. The new index is 1.05e18.
-
In updateFor, the share for the user is calculated as 1000e18 * 0.05e18 / 1e18 == 50e18.
In this example, the user loses 0.25e18 WETH of rewards.
Impact
User's may lose rewards if they do not call updateFor before calling deposit.
Tools Used
Recommendations
Call updateFor before transferring TKN in the deposit function of Staking.sol.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.