`LSTRewardsSplitter.sol::splitRewards` doesn't check that reward should be greater than rewardThreshold, which will lead to unfair reward spliting.
Summary
Vulnerability Details
`LSTRewardsSplitter.sol::splitRewards` function split rewards between differen fee receiver, there is a rewardThreshold varaible that tell us the minimum amount of reward to split, every time when rewards are splitting it should check that should be => then the rewardThreshold. but in `LSTRewardsSplitter.sol::splitRewards` function that check are missed.
```solidity
function splitRewards() external {
int256 newRewards = int256(lst.balanceOf(address(this))) - int256(principalDeposits);
if (newRewards < 0) {
principalDeposits -= uint256(-1 * newRewards);
} else if (newRewards == 0) {
revert InsufficientRewards();
} else {
_splitRewards(uint256(newRewards));
}
}
```
Impact
unfair divide of reward, first indexes of the fee array receiver can stole rewards. the call the function repeatedly when less amount are collected.
Tools Used
Manual Review, VS
Recommendations
Check the rewards are greater than rewardThreshold which is minimum amount of rewards need to be before splitings.
```solidity
function splitRewards() external {
int256 newRewards = int256(lst.balanceOf(address(this))) - int256(principalDeposits);
if (newRewards < 0) {
principalDeposits -= uint256(-1 * newRewards);
} else if (newRewards == 0) {
revert InsufficientRewards();
}
++ else if (uint256(newRewards) < controller.rewardThreshold()) {
++ revert InsufficientRewards();
} else {
_splitRewards(uint256(newRewards));
}
}
```
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.