Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: high
Valid

User will lose staking rewards if they stake again without claiming initial rewards

Summary

Users can stake their index tokens through the stake function in VaultRouterBranch to earn a proportion of fees. The number of shares staked is recorded in the Distribution logic when setActorShares is called, which also records the value per share at the time of staking. The issue occurs when a user stakes again: this recorded value is overwritten even though the user never claimed the fees accrued between the previous update and the latest one.

Vulnerability Details

When a user stakes, their shares are set in setActorShares, which also updates the last value per share through _updateLastValuePerShare. There, the current value per share is stored in lastValuePerShare for future calculations.

function _updateLastValuePerShare(
    Data storage self,
    Actor storage actor,
    UD60x18 newActorShares
)
    private
    returns (SD59x18 valueChange)
{
    valueChange = _getActorValueChange(self, actor);
    actor.lastValuePerShare = newActorShares.eq(UD60x18_ZERO) ? int256(0) : self.valuePerShare;
}

This way, if the value per share increases, the staker is eligible for the difference. This delta is calculated in _getActorValueChange. A problem arises if a user stakes a second time without claiming their current rewards: lastValuePerShare is updated again, so the next time the user claims fees the delta is measured from the second stake, and they receive only the difference accrued since then.

function _getActorValueChange(
    Data storage self,
    Actor storage actor
)
    private
    view
    returns (SD59x18 valueChange)
{
    SD59x18 deltaValuePerShare = sd59x18(self.valuePerShare).sub(sd59x18(actor.lastValuePerShare));
    valueChange = deltaValuePerShare.mul(ud60x18(actor.shares).intoSD59x18());
}

The accumulate rewards function doesn't actually accumulate the rewards for the user up to this point. They would need to call claimFees to receive the rewards accrued so far.

Impact

User can lose fees

Tools Used

Manual Review

Recommendations

Add logic for the user to claim before staking again, or require the user to claim first, as unstake does.
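
The accounting described above, as an added Python model that is not part of the original submission and not the project's Solidity code. The Actor.pending field and the settle_on_stake flag are assumptions introduced here to contrast the reported behaviour with one way of settling the delta before the checkpoint moves; amounts are constructed sample values.

```python
from dataclasses import dataclass, field

WAD = 10**18  # 18-decimal fixed-point scale (assumption for this model)

@dataclass
class Actor:
    shares: int = 0
    last_value_per_share: int = 0
    pending: int = 0  # hypothetical field, used only by the hardened variant

@dataclass
class Distribution:
    settle_on_stake: bool  # False models the behaviour reported in the finding
    value_per_share: int = 0
    total_shares: int = 0
    actors: dict = field(default_factory=dict)

    def _value_change(self, a):
        # Same delta as _getActorValueChange: (valuePerShare - last) * shares
        return (self.value_per_share - a.last_value_per_share) * a.shares // WAD

    def distribute(self, fees):
        self.value_per_share += fees * WAD // self.total_shares

    def stake(self, who, amount):
        a = self.actors.setdefault(who, Actor())
        change = self._value_change(a)
        if self.settle_on_stake:
            a.pending += change  # credit the delta before the checkpoint moves
        # Otherwise `change` is dropped, so the accrued delta is lost.
        a.shares += amount
        self.total_shares += amount
        a.last_value_per_share = self.value_per_share if a.shares else 0

    def claim(self, who):
        a = self.actors[who]
        paid = a.pending + self._value_change(a)
        a.pending = 0
        a.last_value_per_share = self.value_per_share
        return paid

def scenario(settle_on_stake):
    """Sole staker: stake, fees arrive, stake again without claiming, fees, claim."""
    d = Distribution(settle_on_stake)
    d.stake("alice", 100)
    d.distribute(50)        # 50 owed to alice
    d.stake("alice", 100)   # second stake, no claim in between
    d.distribute(50)        # another 50 owed
    return d.claim("alice")
```

With 100 in fees distributed to a sole staker, the reported behaviour pays out 50 while the settling variant pays out the full 100.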

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Inside VaultRouterBranch if you stake wait some time then stake again makes you lose the rewards.
