Vault WETH reward change is calculated wrong
Summary
Market::getVaultAccumulatedValues function incorrectly returns the WETH reward change values.
Vulnerability Details
vaultCreditShareX18is the proportion of the total credit that belongs to the specific vault.wethRewardChangeX18is the total amount of WETH rewards that need to be distributed.
In the current implementation the wethRewardChangeX18 is calculated simply by subtracting wethRewardPerVaultShare - lastVaultDistributedWethRewardPerShareX18. Multiplying wethRewardChangeX18 by vaultCreditShareX18 converts these per-share changes into absolute changes for the vault.
Without this multiplication, the rewards allocated to each vault will not be proportional to their credit share, leading to discrepancies in reward distribution.
Impact
Vaults may receive more or fewer WETH rewards than they are entitled to based on their credit share.
Recommendations
The wethRewardChangeX18 should be multiplied by vaultCreditShareX18 to calculate the total WETH rewards changes that the specific vault is entitled to, based on its share of the total delegated credit.
Lead Judging Commences
`wethRewardPerVaultShare` is incremented by `receivedVaultWethReward` amount which is not divided by number of shares.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.