Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: medium
Invalid

Wrong check in `splitRewards` function is breaking the main invariant

Summary

Wrong check in `splitRewards` function is breaking the main invariant

Vulnerability Details

The `splitRewards()` function in `LSTRewardSplitter.sol` is breaking the main invariant of the stake.link protocol. In order to split the rewards among the receivers, they should exceed the min reward threshold, based on the docs. We can also see this in the upkeep function in the contract:

```solidity
function performUpkeep(bytes calldata) external {
    int256 newRewards = int256(lst.balanceOf(address(this))) - int256(principalDeposits);
    if (newRewards < 0) {
        principalDeposits -= uint256(-1 * newRewards);
    } else if (uint256(newRewards) < controller.rewardThreshold()) { // threshold check (line marked in the submission)
        revert InsufficientRewards();
    } else {
        _splitRewards(uint256(newRewards));
    }
}
```

But this is not the case for the `splitRewards` function, which is also public and can be called by anyone:

```solidity
function splitRewards() external {
    int256 newRewards = int256(lst.balanceOf(address(this))) - int256(principalDeposits);
    if (newRewards < 0) {
        principalDeposits -= uint256(-1 * newRewards);
    } else if (newRewards == 0) { // @audit Wrong check, it should check reward threshold
        revert InsufficientRewards();
    } else {
        _splitRewards(uint256(newRewards));
    }
}
```

Impact

It's breaking the main invariant in the stake.link protocol and it should be a valid medium.

Tools Used

Manual Review

Recommendations

Apply the correct `if` check in the split rewards function.

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
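
The branch logic of the two functions quoted in the submission, as an added Python model (not part of the submission, the judging, or the stake.link code base). It lists the balances at which `performUpkeep` and `splitRewards` take different branches; the principal, threshold and balance values are constructed, and the distribution done inside `_splitRewards` is not modelled.

```python
# Added model of the two quoted entry points; not stake.link code.
# Only the branch taken is reported, not the reward distribution itself.

class InsufficientRewards(Exception):
    """Stands in for the Solidity custom error of the same name."""

def _new_rewards(balance, principal):
    # int256(lst.balanceOf(address(this))) - int256(principalDeposits)
    return balance - principal

def perform_upkeep(balance, principal, threshold):
    new = _new_rewards(balance, principal)
    if new < 0:
        return ("reduce_principal", -new)
    if new < threshold:          # controller.rewardThreshold()
        raise InsufficientRewards
    return ("split", new)

def split_rewards(balance, principal):
    new = _new_rewards(balance, principal)
    if new < 0:
        return ("reduce_principal", -new)
    if new == 0:                 # no threshold comparison on this path
        raise InsufficientRewards
    return ("split", new)

def outcome(fn, *args):
    try:
        return fn(*args)
    except InsufficientRewards:
        return ("revert", 0)

def divergences(principal, threshold, balances):
    """Balances for which the two entry points take different branches."""
    rows = []
    for b in balances:
        upkeep = outcome(perform_upkeep, b, principal, threshold)
        manual = outcome(split_rewards, b, principal)
        if upkeep != manual:
            rows.append((b, upkeep, manual))
    return rows

# Constructed values: principal 1000, threshold 50 (token units).
SAMPLE = divergences(1000, 50, [900, 1000, 1001, 1049, 1050, 1200])
```

With a threshold of zero the two paths also differ at `newRewards == 0`, where the modelled `performUpkeep` reaches the split branch with an amount of 0 and `splitRewards` reverts.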
