`removeSplitter` function reverts when there's rewards in the splitter being removed
Summary
In LSTRewardsSplitterController, removeSplitter function is called by admin to remove a splitter, but it tries to withdraw the total balance even after splitting rewards, which results in transaction failure.
Vulnerability Details
Here's the code snippet of removeSplitter function that includes the vulnerability:
When balance is not equal to principal deposits(which means it has rewards), it calls splitRewards for reward distribution.
After the call, it calls withdraw function with previous balance, which is bigger than current balance.
As a result, the transaction reverts.
Impact
Admin won't be able to remove a splitter.
Tools Used
Manual Review
Recommendations
The balance has to be refetched to withdraw correct amount.
Lead Judging Commences
In `removeSplitter` the `principalDeposits` should be used as an input for `withdraw` instead of balance after splitting the existing rewards.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.