Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: medium
Invalid

The fees array can contain duplicates

Summary

The contract's constructor accepts an array of fees as an argument. When processing this array to populate the contract's fees storage array, there are no checks for duplicates. As a result, duplicate fee entries can be stored, potentially leading to incorrect reward distributions.

Vulnerability Details

The constructor of the contract accepts an array of Fee structures and directly adds them to the contract's storage without any validation:

    constructor(address _lst, Fee[] memory _fees, address _owner) {
        controller = ILSTRewardsSplitterController(msg.sender);
        lst = IERC677(_lst);
        // Each entry is copied into storage as-is; nothing compares it with earlier entries
        for (uint256 i = 0; i < _fees.length; ++i) {
            fees.push(_fees[i]);
        }
    }

This implementation lacks any checks for duplicate fee recipients or validation of fee percentages.

Impact

This discrepancy can lead to potential exploitation of the reward system: it inflates the total payout, imbalances the intended distribution, and causes recipients to receive more than their fair share.

Tools Used

Manual

Recommendations

The contract's constructor should include verification logic to ensure that no duplicate Fee entries are added during the loop. This can be achieved by checking each entry against previously added fees before appending it to the fees[] array, thereby maintaining the integrity of the reward distribution process.
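One way to implement the check recommended above, as an added example that is not Stakelink's code and not part of the original submission. The contract name, the `Fee` field names (`receiver`, `basisPoints`), the custom errors and the 10000 basis point cap are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.15;

// Added example, not the Stakelink source. The Fee field names and the
// 10000 basis point cap are assumptions made for illustration.
contract FeeListExample {
    struct Fee {
        address receiver;    // assumed field name
        uint256 basisPoints; // assumed field name
    }

    error ZeroFeeReceiver();
    error DuplicateFeeReceiver(address receiver);
    error FeesExceedLimit(uint256 totalBasisPoints);

    uint256 private constant MAX_BASIS_POINTS = 10000; // assumed cap (100%)

    Fee[] private fees;

    constructor(Fee[] memory _fees) {
        uint256 total;
        for (uint256 i = 0; i < _fees.length; ++i) {
            address receiver = _fees[i].receiver;
            if (receiver == address(0)) revert ZeroFeeReceiver();

            // Compare against every entry already stored. The scan is
            // quadratic, which is acceptable on the assumption that fee
            // lists stay short.
            for (uint256 j = 0; j < fees.length; ++j) {
                if (fees[j].receiver == receiver) {
                    revert DuplicateFeeReceiver(receiver);
                }
            }

            total += _fees[i].basisPoints;
            fees.push(_fees[i]);
        }
        // Reject lists whose combined percentage exceeds the whole.
        if (total > MAX_BASIS_POINTS) revert FeesExceedLimit(total);
    }

    function getFees() external view returns (Fee[] memory) {
        return fees;
    }
}
```

Deployment reverts with `DuplicateFeeReceiver` when the same receiver appears twice in `_fees`, so a malformed list never reaches storage.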

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
