Liquid Staking

Stakelink

DeFiHardhatOracle

50,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

reorderStrategies function can cause spoiled rewards

Dup1337

Summary

The StakingPool contract allows the owner to reorder the strategies used for staking through the reorderStrategies function.

This function does not account for the depositChange of each strategy, which represents the net change in deposits and is used to calculate rewards and fees.
By reordering strategies during certain market conditions (e.g., transitioning from a bull market to a bear market), the owner can unexpectedly manipulate the distribution of withdrawals and deposits among strategies. This issue can disadvantage certain strategies and their contributors, affecting their rewards and fees.

Specifically, moving a strategy with a positive depositChange from the last position to the first can prevent it from being withdrawn from first (since withdrawals are processed in descending order), allowing it to retain positive depositChange while other strategies may have negative depositChange.

Vulnerability Details

The reorderStrategies function allows the contract owner to change the order of strategies arbitrarily without accounting for their current depositChange or the potential impact on rewards and fees as seen below;

Contract: StakingPool.sol

323: /**

324: * @notice Reorders strategies

325: * @param _newOrder list containing strategy indexes in a new order

326: **/

327: function reorderStrategies(uint256[] calldata _newOrder) external onlyOwner {

328: require(_newOrder.length == strategies.length, "newOrder.length must = strategies.length");

329:

330: address[] memory strategyAddresses = new address[]();

331: for (uint256 i = 0; i < strategies.length; i++) {

332: strategyAddresses[i] = strategies[i];

333: }

334:

335: for (uint256 i = 0; i < strategies.length; i++) {

336: require(strategyAddresses[_newOrder[i]] != address(0), "all indices must be valid");

337: strategies[i] = strategyAddresses[_newOrder[i]];

338: strategyAddresses[_newOrder[i]] = address(0);

339: }

340: }

So in a bull market scenario where we can say there is demand for the protocol;

The last strategy in the array will receive more deposits, resulting in a positive depositChange. Hence,contributors to this strategy will receive more rewards due to the positive depositChange after this function call.

And when the market shifts to bear market (less demand for the protocol, users are getting out) at the time of call;

Overall deposits decrease, and withdrawals increase, so the strategies in later positions in the array starts experiencing negative depositChange due to withdrawals. Hence, in this condition, contributors in these strategies receive fewer rewards.

Impact

Unfair reward distribution

Tools Used

Manual Review

Recommendations

This requires further implementations whether any strategy should be re-ordered or remained.

Updates

Lead Judging Commences

inallhonesty Lead Judge

about 1 year ago

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

2,530

20 USDC / LOC

High Medium

42,000 USDC

Low

4,250 USDC

Judges

3,750 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.