Rewards and PrincipalDeposits Miscalculation Leading to Future Rewards Discrepancies
Summary
In the current implementation of the LSTRewardsSplitter::_splitRewards function, the contract incorrectly updates principalDeposits after rewards are distributed. The remaining undistributed rewards get mixed with the principalDeposits, inflating it. This miscalculation causes future reward distributions to be inaccurately computed, leaving a portion of rewards undistributed over time. The impact of this issue compounds, resulting in significant underpayment to fee receivers.
Vulnerability Detail
The vulnerability arises because the contract incorrectly adds remaining rewards to the principalDeposits after a reward distribution. Instead of properly isolating the undistributed rewards from the principalDeposits, it treats the total balance of the contract as the new principalDeposits. This behavior causes future reward calculations to underestimate the amount of rewards to be distributed, leading to ongoing reward miscalculations.
Example Scenario:
-
Initial state:
Principal deposits: 1000 LST tokens.
New rewards: 500 LST tokens.
-
First reward distribution:
Distribute 500 LST tokens:
Receiver A (20%) gets 100 LST.
Receiver B (10%) gets 50 LST.
Remaining contract balance after the distribution: 1350 LST (1000 principal + 350 undistributed rewards).
-
Principal miscalculation:
The contract sets
principalDepositsto 1350 LST, incorrectly inflating it with the remaining 350 LST (undistributed rewards).
-
Next reward calculation:
New reward: 400 LST.
The contract’s balance becomes 1750 LST (1350 previous + 400 new).
Instead of calculating the actual reward to be 750 LST (1750 - 1000), it calculates only 400 LST due to the inflated principal (1750 - 1350).
Over time, this results in an increasing discrepancy between the actual rewards and what is calculated for distribution. Future reward calculations will continue to underestimate the rewards, leading to underpayment to fee receivers.
Impact
The impact of this issue is severe as it compounds over time:
Undistributed rewards: The contract systematically leaves rewards undistributed by treating them as part of the principal.
Underpayment to receivers: The fee receivers will receive less than what they are entitled to because the rewards are miscalculated.
Accumulative discrepancy: Each distribution cycle worsens the problem, resulting in an increasing amount of rewards being stuck in the contract.
This could cause significant financial loss over time as fewer rewards are distributed with each cycle.
Code Snippet
Tool used
Manual Review
Recommendation
To resolve this issue, the contract should correctly distinguish between the remaining undistributed rewards and the actual principalDeposits. The principalDeposits should remain unchanged, and only the rewards should be tracked and distributed. Here's a potential fix:
Maintain a separate variable to track the undistributed rewards instead of adding them to the principalDeposits.
Update the reward calculation logic to ensure accurate reward splits based on the actual principalDeposits and newly generated rewards.
This would prevent future reward miscalculations and ensure that the correct amount of rewards is always distributed.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.