MorpheusAI

Foundry
22,500 USDC
Submission Details
Severity: high
Invalid

users can claim multiple rewards for the same pool and drain protocol

Summary

Users can claim rewards from the same pool multiple times, receiving a different amount each time, and can do the same with other pools.

Vulnerability Details

A user can call the claim function multiple times: the first call pays a large reward, after which userData.pendingRewards is set to zero, and every later call still pays a reward, though only a small amount each time.

This function does not return zero after a user's first claim call:

function _getCurrentUserReward(uint256 currentPoolRate_, UserData memory userData_) private pure returns (uint256) {
    uint256 newRewards_ = ((currentPoolRate_ - userData_.rate) * userData_.deposited) / PRECISION;
    return userData_.pendingRewards + newRewards_;
}
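The following is an added model of the accumulator accounting behind _getCurrentUserReward, written for this page and not taken from the project's Solidity; it also models the zero-pendingRewards guard proposed under Recommendations. It assumes, as the standard accumulator pattern does and the page does not show, that claim() stores the current pool rate in userData.rate as well as zeroing pendingRewards.

```python
# Added model of the rate-accumulator reward accounting discussed in the report
# (not the project's code). Assumption: claim() both zeroes pendingRewards and
# snapshots the current pool rate into userData.rate; the page shows only
# _getCurrentUserReward, not claim().
from dataclasses import dataclass

PRECISION = 10**25  # constructed fixed-point scale; any scale works for the model


@dataclass
class UserData:
    deposited: int
    rate: int            # pool rate snapshot taken at the user's last update
    pendingRewards: int  # rewards already accounted but not yet paid


def get_current_user_reward(current_pool_rate: int, user: UserData) -> int:
    """Mirror of _getCurrentUserReward from the report, in integer arithmetic."""
    new_rewards = ((current_pool_rate - user.rate) * user.deposited) // PRECISION
    return user.pendingRewards + new_rewards


def claim(current_pool_rate: int, user: UserData) -> int:
    """Pay everything accrued, then reset the snapshot so the same accrual is not paid twice."""
    paid = get_current_user_reward(current_pool_rate, user)
    user.pendingRewards = 0
    user.rate = current_pool_rate  # assumption: claim() snapshots the pool rate
    return paid


def claim_sequence(pool_rates: list[int], deposited: int) -> list[int]:
    """Amount paid by each successive claim; one claim per entry in pool_rates."""
    user = UserData(deposited=deposited, rate=pool_rates[0], pendingRewards=0)
    return [claim(rate, user) for rate in pool_rates]


def proposed_fix_reward(current_pool_rate: int, user: UserData) -> int:
    """The report's recommended guard: return 0 whenever pendingRewards is 0."""
    if user.pendingRewards == 0:
        return 0
    return get_current_user_reward(current_pool_rate, user)
```

With a deposit of 100 and pool rates 0, 2, 2, 5 (in PRECISION units) the four claims pay 0, 200, 0 and 300, summing to exactly the 500 the deposit earned, while the proposed guard pays 0 to a depositor whose pendingRewards is 0 but whose rate delta is 2.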

Impact

Loss of rewards for other users; multiple pools can be drained of rewards.

Tools Used

Manual review

Recommendations

Add a boolean variable to record whether a user has already claimed rewards for a pool, or check whether userData_.pendingRewards is zero.

function _getCurrentUserReward(uint256 currentPoolRate_, UserData memory userData_) private pure returns (uint256) {
+ if (userData_.pendingRewards==0)
+ return 0;
+ else{
uint256 newRewards_ = ((currentPoolRate_ - userData_.rate) * userData_.deposited) / PRECISION;
return userData_.pendingRewards + newRewards_;
+ }
}
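Review bot: the guard `+ if (userData_.pendingRewards==0)` / `+ return 0;` withholds legitimate rewards rather than preventing a repeat claim: any user whose pendingRewards is zero but whose `(currentPoolRate_ - userData_.rate) * userData_.deposited / PRECISION` term is non-zero, for example a depositor who has never claimed, would receive 0 from this pure helper. A once-only check belongs in the state transition that the claim performs on userData_, not in a pure view of it. Also, the `+ else{` / `+ }` wrapping is redundant once the early return is in place, and `==0` should be spaced as `== 0` to match the rest of the function.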
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
