The SDLPoolCCIPControllerSecondary contract faces a synchronization issue in updating the reSDL supply between the secondary and primary chains, leading to potential discrepancies in reward distributions.
The flaw is identified in the _ccipReceive function. The secondary chain fails to update its reSDL supply in sync with the primary chain, unless there's a distribution of SDL tokens as rewards. This behavior results in the secondary chain being frequently out of sync, especially when the reward distribution doesn't impact the reSDL supply.
Because the secondary chain is often out of sync with the primary chain, reward distributions can be inaccurate. Over time, this issue can cause significant discrepancies in reward allocation.
Manual Review
The recommended fix is to adjust the update mechanism. Directly check ISDLPoolSecondary(sdlPool).shouldUpdate() in both the checkUpkeep and performUpkeep functions instead of using the storage variable shouldUpdate. This change ensures the secondary chain stays up-to-date with the primary chain's reSDL supply, independent of the reward distribution events.
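A sketch of the recommended change, added here as an illustration and not taken from the project's code. Only ISDLPoolSecondary(sdlPool).shouldUpdate(), checkUpkeep, performUpkeep and the storage variable shouldUpdate come from the finding; ControllerSketch, checkUpkeepCached, _sendUpdate and UpdateConditionsNotMet are hypothetical names, and CCIP plumbing and any timing checks are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Assumed minimal view of the pool; only shouldUpdate() is named in the finding.
interface ISDLPoolSecondary {
    function shouldUpdate() external view returns (bool);
}

// Simplified sketch, not the project's contract.
abstract contract ControllerSketch {
    address public immutable sdlPool;

    // Cached flag: per the finding, it is only refreshed in _ccipReceive
    // when a rewards distribution message arrives.
    bool public shouldUpdate;

    error UpdateConditionsNotMet(); // hypothetical error name

    constructor(address _sdlPool) {
        sdlPool = _sdlPool;
    }

    // Before: upkeep is gated on the cached flag, so queued reSDL supply
    // changes wait until the next rewards message reaches the secondary chain.
    function checkUpkeepCached() external view returns (bool) {
        return shouldUpdate;
    }

    // After: ask the pool directly on every check.
    function checkUpkeep(bytes calldata) external view returns (bool, bytes memory) {
        return (ISDLPoolSecondary(sdlPool).shouldUpdate(), bytes(""));
    }

    // After: re-validate against the pool at execution time, since pool state
    // may have changed between checkUpkeep and performUpkeep.
    function performUpkeep(bytes calldata) external {
        if (!ISDLPoolSecondary(sdlPool).shouldUpdate()) revert UpdateConditionsNotMet();
        _sendUpdate();
    }

    // Hypothetical hook: builds and sends the update message to the primary chain.
    function _sendUpdate() internal virtual;
}
```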