Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: high
Valid

Incorrect Naming Convention and Description for Market::wethRewardPerVaultShare

Summary

There is a misalignment between the name of the variable Market::wethRewardPerVaultShare and its actual usage and meaning. The name suggests that the variable holds a per-share amount (i.e., a ratio) of WETH rewards relative to vault credit. The natspec description implies the same:

```solidity
/// @param wethRewardPerVaultShare The amount of weth reward accumulated by the market per vault delegated credit
```

In practice, it simply stores the total WETH reward accumulated for the entire market.

Vulnerability Details

See Market::receiveWethReward below:

```solidity
function receiveWethReward(
    Data storage self,
    address asset,
    UD60x18 receivedProtocolWethRewardX18,
    UD60x18 receivedVaultsWethRewardX18
)
    internal
{
    // if a market credit deposit asset has been used to acquire the received weth, we need to reset its balance
    if (asset != address(0)) {
        // removes the given asset from the received market fees enumerable map as we assume it's been fully
        // swapped to weth
        self.receivedFees.remove(asset);
    }
    // increment the amount of pending weth reward to be distributed to fee recipients
    self.availableProtocolWethReward =
        ud60x18(self.availableProtocolWethReward).add(receivedProtocolWethRewardX18).intoUint128();
    // increment the all time weth reward storage
    self.wethRewardPerVaultShare =
        ud60x18(self.wethRewardPerVaultShare).add(receivedVaultsWethRewardX18).intoUint128();
}
```

In this function, self.wethRewardPerVaultShare is incremented by receivedVaultsWethRewardX18, which is the total vaults WETH reward for the market. This differs from the natspec description of the variable: there is no division or per-share calculation involved. The naming mismatch can create confusion for anyone reading or maintaining the code.

Impact

Misleading naming can cause future maintainers to incorrectly use the variable or build features on top of wrong assumptions, possibly introducing errors in reward distribution logic or reporting down the line. It can lead to confusion or misimplementation if developers rely on the inaccurate name or documentation to make assumptions about how rewards are calculated.

Tools Used

Manual Review

Recommendations

Rename the Variable: Change Market::wethRewardPerVaultShare to a more descriptive name, such as totalWethRewardsForVaults, accumulatedVaultWethRewards, or similar.

Update Documentation: Ensure that the natspec comments and any external references reflect the true nature of the variable (i.e., it is a total accumulated reward rather than a per-share metric).

Confirm Future Calculation Requirements: If a per-share metric is needed, add additional logic or a separate variable that divides the accumulated WETH amount by the total delegated credit to correctly represent a per-share figure.
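
The difference between the two metrics, as an added example that is not Zaros code: a running total next to a per-share accumulator of the kind the last recommendation describes. The contract, its function and variable names, and the use of plain 18-decimal `uint256` math in place of UD60x18 are all assumptions; it goes slightly beyond the recommendation by dividing each received amount by the credit outstanding at that moment, so that later changes in delegated credit do not rewrite past rewards.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only. Hypothetical names, no access control,
/// uint256 with 18 decimals standing in for UD60x18.
contract VaultRewardAccounting {
    uint256 private constant WAD = 1e18;

    // What the reviewed code stores: a running total of vault WETH rewards.
    uint256 public accumulatedVaultWethReward;
    // What the original name and natspec describe: reward per unit of delegated credit.
    uint256 public wethRewardPerCreditX18;
    // Assumed to be kept in sync as vaults delegate credit to the market.
    uint256 public totalDelegatedCredit;

    mapping(address vault => uint256) public delegatedCredit;
    mapping(address vault => uint256) public rewardPerCreditPaidX18;

    function delegate(address vault, uint256 credit) external {
        // Simplification: one delegation per vault, no top-ups or withdrawals.
        require(delegatedCredit[vault] == 0, "already delegated");
        // Snapshot so new credit earns only from rewards received after this point.
        rewardPerCreditPaidX18[vault] = wethRewardPerCreditX18;
        delegatedCredit[vault] = credit;
        totalDelegatedCredit += credit;
    }

    function receiveVaultsWethReward(uint256 receivedVaultsWethReward) external {
        // Per-share: divide by the credit outstanding when the reward arrives.
        // Without any delegated credit there is nobody to attribute the reward to.
        require(totalDelegatedCredit != 0, "no delegated credit");
        // Total: plain addition, the same operation receiveWethReward performs.
        accumulatedVaultWethReward += receivedVaultsWethReward;
        wethRewardPerCreditX18 += receivedVaultsWethReward * WAD / totalDelegatedCredit;
    }

    function pendingReward(address vault) external view returns (uint256) {
        // A consumer that multiplied credit by the running total here instead
        // would overpay every vault by a factor of totalDelegatedCredit / WAD.
        uint256 deltaX18 = wethRewardPerCreditX18 - rewardPerCreditPaidX18[vault];
        return delegatedCredit[vault] * deltaX18 / WAD;
    }
}
```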

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`wethRewardPerVaultShare` is incremented by `receivedVaultWethReward` amount which is not divided by number of shares.

Appeal created

hard1k Auditor
6 months ago
inallhonesty Lead Judge
6 months ago