Liquid Staking

Stakelink

DeFiHardhatOracle

50,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Incomplete reward distribution in LSTRewardsSplitter contract

zubyoz

Summary

The _splitRewards function in the LSTRewardsSplitter contract fails to properly handle scenarios where the total fees do not sum up to 100%. This oversight can result in undistributed rewards being inadvertently added to the principal deposits, potentially leading to fund mismanagement and a lack of transparency in the reward distribution process.

Vulnerability Details

The _splitRewards function is designed to distribute rewards to fee receivers based on their specified basis points. However, the current implementation has several shortcomings:

It does not track the total amount of rewards actually distributed.
It fails to address cases where the sum of all fees is less than 100% (10000 basis points).
It updates the principalDeposits to the current balance of the contract after distribution, which can result in undistributed rewards being implicitly added to the principal.
https://github.com/Cyfrin/2024-09-stakelink/blob/f5824f9ad67058b24a2c08494e51ddd7efdbb90b/contracts/core/lstRewardsSplitter/LSTRewardsSplitter.sol#L173-L187

function _splitRewards(uint256 _rewardsAmount) private {

for (uint256 i = 0; i < fees.length; ++i) {

Fee memory fee = fees[i];

uint256 amount = (_rewardsAmount * fee.basisPoints) / 10000;

if (fee.receiver == address(lst)) {

IStakingPool(address(lst)).burn(amount);

} else {

lst.safeTransfer(fee.receiver, amount);

}

principalDeposits = lst.balanceOf(address(this));

emit RewardsSplit(_rewardsAmount);

}

While there are checks in addFee and updateFee to ensure the total fees don't exceed 100%, there's no guarantee that they sum up to exactly 100%. This can lead to unexpected behavior in reward distribution.

Impact

If the total fees are less than 100%, a portion of the rewards will remain undistributed and will be implicitly added to principalDeposits. This could lead to an unintended inflation of the principal over time.

Also over time, the accumulation of undistributed rewards in the principal could lead to significant discrepancies between the expected and actual balance of the contract.

Tools Used

Manual review

Recommendations

Implement a mechanism to accurately track the total distributed rewards. Any remaining undistributed amount should be transferred to a designated address, such as a treasury or reserve fund. This approach ensures all rewards are accounted for and provides a clear audit trail for any excess funds.

Alternatively, modify the distribution algorithm to dynamically adjust the final fee allocation. This adjustment should account for any rounding discrepancies or minor calculation errors, ensuring that the entire reward amount is fully distributed among the existing fee receivers. This method guarantees complete distribution of rewards without the need for a separate treasury.

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

2,530

20 USDC / LOC

High Medium

42,000 USDC

Low

4,250 USDC

Judges

3,750 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.