The staking contract is vulnerable to a manipulation attack where an attacker can artificially inflate the contract’s token balance using the selfdestruct method. This action dilutes the rewards for legitimate stakers, leading to diminishing returns across the user base.
The vulnerability stems from the staking contract using balanceOf(address(this)) to calculate rewards for users. This makes it susceptible to selfdestruct attacks, where a malicious user forces ether into the contract.
Diminishing returns on claims for stakers
Manual Review
Track user balance internally instead of relying on balanceOf(address(this)).
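One way to apply this recommendation, as an added sketch that is not code from the audited contract: the reward denominator is a counter that changes only in stake() and unstake(), shown next to the balance-based calculation the finding describes. All contract, function and variable names are hypothetical, and a standard ERC-20 without transfer fees or callbacks is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; every name below is hypothetical, not from the audited code.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract StakingInternalAccounting {
    IERC20 public immutable token;
    mapping(address => uint256) public staked; // per-user stake, written only below
    uint256 public totalStaked;                // sum of staked[], the reward denominator

    constructor(IERC20 token_) {
        token = token_;
    }

    function stake(uint256 amount) external {
        require(amount > 0, "zero amount");
        // Effects before the external call; a failed transfer reverts both updates.
        staked[msg.sender] += amount;
        totalStaked += amount;
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
    }

    function unstake(uint256 amount) external {
        require(staked[msg.sender] >= amount, "insufficient stake");
        staked[msg.sender] -= amount;
        totalStaked -= amount;
        require(token.transfer(msg.sender, amount), "transfer failed");
    }

    // Pattern from the finding: the denominator is the raw contract balance, so any
    // balance that never passed through stake() shrinks every staker's share.
    function shareFromBalance(address user, uint256 rewardPool) external view returns (uint256) {
        uint256 bal = token.balanceOf(address(this));
        return bal == 0 ? 0 : (rewardPool * staked[user]) / bal;
    }

    // Recommended pattern: the denominator moves only through stake() and unstake().
    function shareFromAccounting(address user, uint256 rewardPool) external view returns (uint256) {
        return totalStaked == 0 ? 0 : (rewardPool * staked[user]) / totalStaked;
    }
}
```

With this layout, a unit test can assert that shareFromAccounting returns the same value before and after balance is sent to the contract outside stake(), while shareFromBalance drops.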