The stake function in the Steaking contract replaces the existing staked amount for a user with the new stake value, rather than incrementing it.
The current implementation of the stake function overwrites the staked amount for the _onBehalfOf address with the new amount:
Instead of adding the new stake to the existing amount, this assignment completely replaces the previous balance with msg.value. As a result, if a user stakes multiple times, their earlier stakes are lost and replaced with the most recent amount.
This behavior prevents users from incrementally increasing their staked balance. Instead of aggregating stakes, each new stake replaces the previous one, leading to inaccurate tracking of the total staked amount. This can cause incorrect points calculations and potential issues with rewards distribution or staking history.
Manual Code Review
Update the stake function to increment the existing stake rather than replacing it, ensuring that users can increase their stake progressively.
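The following is an added example, not code from the Steaking contract or from the original report: a Python model of the overwrite and increment behaviours that replays constructed stake calls and checks that the recorded stakes sum to the value received. The class names, the `stakes` mapping name and the sample addresses are assumptions made for illustration.

```python
"""Model of the stake() accounting described in this finding (added example)."""
from collections import defaultdict


class OverwritingLedger:
    """Behaviour reported in the finding: each stake replaces the stored amount."""

    def __init__(self):
        self.stakes = defaultdict(int)  # hypothetical name for the per-user mapping
        self.balance = 0                # value actually received by the contract

    def stake(self, on_behalf_of, value):
        self.balance += value           # msg.value is received on every call
        self._record(on_behalf_of, value)

    def _record(self, on_behalf_of, value):
        self.stakes[on_behalf_of] = value    # overwrite: earlier stakes are dropped


class IncrementingLedger(OverwritingLedger):
    """Recommended behaviour: add the new stake to the existing amount."""

    def _record(self, on_behalf_of, value):
        self.stakes[on_behalf_of] += value   # accumulate across calls


def replay(ledger, calls):
    """Apply (address, value) stake calls; return per-user value no longer tracked."""
    deposited = defaultdict(int)
    for addr, value in calls:
        ledger.stake(addr, value)
        deposited[addr] += value
    return {a: deposited[a] - ledger.stakes[a]
            for a in deposited if deposited[a] != ledger.stakes[a]}


def invariant_holds(ledger):
    """Accounting invariant: recorded stakes must sum to the value received."""
    return sum(ledger.stakes.values()) == ledger.balance


# Constructed sample calls (values in wei); "alice" stakes three times.
ETH = 10**18
CALLS = [("alice", 1 * ETH), ("bob", 2 * ETH), ("alice", 3 * ETH), ("alice", ETH // 2)]

if __name__ == "__main__":
    for cls in (OverwritingLedger, IncrementingLedger):
        ledger = cls()
        print(cls.__name__, replay(ledger, CALLS), invariant_holds(ledger))
```

The same sum-equals-balance check can be used as an invariant in the contract's own test suite to catch a regression to the overwriting assignment.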