Liquid Staking

Stakelink
DeFi, Hardhat, Oracle
50,000 USDC
Submission Details
Severity: low
Invalid

Wrong Fee Calculation in StakingPool Results in Less Fee than the Intended Amount to the Protocol

Summary

Wrong fee share calculation leads to minting a smaller amount of fee shares than the intended amount to the protocol, which causes the protocol to earn less than the expected amount on every reward distribution.

Vulnerability Details

The protocol incurs a loss of fees due to incorrect fee share calculation in StakingPool::_updateStrategyRewards. This results in receiving fewer fees than expected, leading to a loss for the protocol owners. The fee shares are not calculated according to the current asset-to-share value, resulting in fewer fee shares being minted than intended.

    uint256 sharesToMint = (totalFeeAmounts * totalShares) /
        (totalStaked - totalFeeAmounts);
    _mintShares(address(this), sharesToMint);

Impact

The protocol cannot collect the full fee amount, which can result in a loss.

Tools Used

Manual Review

Recommendations

Use the formula below when calculating the fee shares to mint.

    uint256 sharesToMint = (totalFeeAmounts * totalShares) /
        (totalStaked - totalRewards);
    _mintShares(address(this), sharesToMint);

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
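
Added example (not code from the submission or from Stakelink): a Python model of the two denominators quoted above, showing what the minted fee shares are worth once they dilute the pool. It assumes totalStaked already includes totalRewards when the shares are minted and that the goal is for the minted shares to be redeemable for totalFeeAmounts; the pool values are constructed.

```python
WAD = 10**18  # 18-decimal fixed point, as in typical ERC-20 accounting


def fee_shares(total_fee_amounts, total_shares, denominator):
    """Shares to mint; // mirrors Solidity's truncating uint256 division."""
    return (total_fee_amounts * total_shares) // denominator


def redeemable(shares, total_staked, total_shares):
    """Token value of `shares` at the pool's current asset-per-share rate."""
    return shares * total_staked // total_shares


def compare(staked_before, total_shares, total_rewards, total_fee_amounts):
    """Value of the minted fee shares under each denominator, after the mint."""
    # Assumption: rewards are added to totalStaked before fee shares are minted.
    total_staked = staked_before + total_rewards
    denominators = {
        "minus_fees": total_staked - total_fee_amounts,   # first snippet above
        "minus_rewards": total_staked - total_rewards,    # recommended snippet
    }
    out = {}
    for label, denom in denominators.items():
        minted = fee_shares(total_fee_amounts, total_shares, denom)
        # Minting dilutes every holder, so value is measured on the new supply.
        out[label] = redeemable(minted, total_staked, total_shares + minted)
    return out


# Constructed state: 1000 tokens staked 1:1, 100 tokens of rewards, 10% fee.
SAMPLE = dict(
    staked_before=1000 * WAD,
    total_shares=1000 * WAD,
    total_rewards=100 * WAD,
    total_fee_amounts=10 * WAD,
)

if __name__ == "__main__":
    for label, value in compare(**SAMPLE).items():
        print(f"{label:14s} fee shares redeemable for {value / WAD:.6f} tokens")
```

Under these assumptions the `totalStaked - totalFeeAmounts` denominator yields shares worth the fee amount to within rounding, while `totalStaked - totalRewards` yields shares worth more than the fee amount.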
