Submission Details
Severity:
The parameter totalShares in StakingRewardsPool is not initialized
Summary
In the contract StakingRewardsPool the parameter totalShares is not initialized.
Vulnerability Details
Only one point for initialization is in _mintShares function.
function _mintShares(address _recipient, uint256 _amount) internal {
require(_recipient != address(0), "Mint to the zero address");
if (totalShares == 0) {
shares[address(0)] = DEAD_SHARES;
totalShares = DEAD_SHARES;
_amount -= DEAD_SHARES;
}
totalShares += _amount;
shares[_recipient] += _amount;
}
Impact
Checking if (totalShares == 0) each time a function is invoked can be gas-consuming.
And please check _burn function. Here, totalShares -= sharesToBurn can result in a value overflow and revert.
/**
* @notice Burns shares belonging to an account
* @dev takes an LST amount and calculates the amount of shares it corresponds to
* @param _account account to burn shares for
* @param _amount LST amount
*/
function _burn(address _account, uint256 _amount) internal override {
uint256 sharesToBurn = getSharesByStake(_amount);
require(_account != address(0), "Burn from the zero address");
require(shares[_account] >= sharesToBurn, "Burn amount exceeds balance");
totalShares -= sharesToBurn;
shares[_account] -= sharesToBurn;
emit Transfer(_account, address(0), _amount);
}
Tools Used
forge
Recommendations
Please set a default value for totalShares to avoid checking its value each time.
Prize pool breakdown
Total prize
50,000 USDC
nSLOC
2,53020 USDC / LOC
42,000 USDC
4,250 USDC
3,750 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.