Submission Details
Severity:
Loss of stake when user withdraw
Vulnerability Details
When a user withdraw their token, before claiming in they loose out on the opportunity to claim their rewards later on, this puts them in a position of losing their earnings
POC
function test_Poc_Withdraw_ClaimRewards() public {
//Alice and Bob are soulmates
//Alice decided to stake her token for one week
//But before claiming are earnings, she decided to Withdraw
//Buy doing this she have lost out on her earnings
uint balancePerSoulmates = 1 ether;
_giveLoveTokenToSoulmates(balancePerSoulmates);
vm.startPrank(soulmate1);
loveToken.approve(address(stakingContract), balancePerSoulmates);
stakingContract.deposit(balancePerSoulmates);
vm.warp(block.timestamp + 1 weeks + 60 seconds);
stakingContract.withdraw(balancePerSoulmates);
assertTrue(loveToken.balanceOf(soulmate1) == balancePerSoulmates);
// Alice should be able to claim 1 LoveToken but this won't be possible because she withdrew
stakingContract.claimRewards();
assertTrue(loveToken.balanceOf(soulmate1) == balancePerSoulmates * 2);
}
Impact
Lost of rewards
Tools Used
Manual Analysis
Recommendations
Call the claimRewards() function inside the rewards function.
function withdraw(uint256 amount) public {
+ claimRewards();
// No require needed because of overflow protection
userStakes[msg.sender] -= amount;
loveToken.transfer(msg.sender, amount);
emit Withdrew(msg.sender, amount);
}
Updates
Lead Judging Commences
0xnevi over 1 year ago
Submission Judgement Published Assigned finding tags:
finding-withdraw-before-claimReward
If we we implement a correct claimRewards function with its intended logic, this would indeed be an issue. I believe low severity for this findings and its duplicates to be appropriate given it is dependent on users lack of understanding of claiming rewards first before a withdrawal.
Rewards breakdown
nSLOC
233This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.