Liquid Staking
Stakelink
DeFiHardhatOracle
50,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Incorrect logic in checkUpkeep function

sabit

Summary

The checkUpkeep function in the LSTRewardsSplitter contract contains a logical error that could lead to incorrect triggering of the performUpkeep function. The function returns true under conditions that do not align with the intended behavior.

Vulnerability Details

The checkUpkeep function is designed to determine whether the performUpkeep function should be called to split new rewards. However, its current implementation contains a logical flaw in its return condition:

if (newRewards < 0 || uint256(newRewards) >= controller.rewardThreshold())
return (true, bytes(""));

https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/lstRewardsSplitter/LSTRewardsSplitter.sol#L92C4-L93C38

This condition will return true in two scenarios:

  1. When newRewards is negative

  2. When newRewards is greater than or equal to controller.rewardThreshold()

The first condition (newRewards < 0) is particularly problematic as it suggests that upkeep should be performed when the contract has fewer tokens than its recorded principal deposits. This scenario should typically be handled as an error state rather than triggering a reward distribution.

Impact

checkUpkeep function returns true when it should return false

Tools Used

Manual review

Recommendations

Modify the checkUpkeep function to only return true when there are actual rewards to distribute.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

sabit Submitter
about 1 year ago
inallhonesty Lead Judge
about 1 year ago
inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.