The Owner is unable to remove an account's splitter when calling LSTRewardsSplitterController::removeSplitter(...)
The owner calls this function: LSTRewardsSplitterController::removeSplitter(...)
If we consider that balance > principalDeposits
which is a very likely scenario, splitter.splitRewards();
will be called followed by splitter.withdraw(balance, _account);
since we considered the scenario where balance > principalDeposits
, newRewards > 0
and `_splitRewards(uint256(newRewards));` is executed:
If we consider that fee.receiver != address(lst)
then lst.safeTransfer(fee.receiver, amount);
will be executed and principalDeposits = lst.balanceOf(address(this)) < balance
from removeSplitter(...)
).
Now that splitter.splitRewards() was executed successfully, splitter.withdraw(balance, _account);
is executed and that's what happens:
This a broken functionality that prevents the owner from exercising his right of removing an account's splitter. This will only occur in the case where:
balance > principalDeposits: very likely
fee.receiver != address(lst): less likely
Likelihood: Medium
Impact: Medium
Manual analysis
Make the following change:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.