Users will lose rewards when calling `stake`
Summary
In VaultRouterBranch.solthe stake function will cause users to lose rewards. This is due to incorrectly calling accumulateActorwithout distributing the valueChange. As a result the protocol will incorrectly update the lastValuePerShareof the actor, leading to loss of rewards.
Vulnerability Details
The following call will try to update the actor's rewards:
However when we check out the accumulateActor function we can see that the valueChange is not actually distributed:
Furthermore, the _updateLastValuePerSharewill return the accumulated rewards and perform the following storage updates:
This will update the lastValuePerSharewithout distributing the valueChangeas a result users will lose rewards, since the valueChangeis not distributed.
Consider the following scenario:
1.Alice is the only staker and has staked 5 index tokens.
2.The protocol accumulates a weth reward of 10weth which will be 2 weth per index token.
3.Alice calls stake again trying to stake another 5 tokens
4.Due to accumulateActornot distributing the `valueChange` these 10 weth will be stuck in the contract and Alice will be assumed to have successfully claimed them.
Impact
Definite loss of funds anytime stake is called.
Tools Used
Manual Review
Recommendations
Consider distributing the `valueChange` in the stake function.
Lead Judging Commences
Inside VaultRouterBranch if you stake wait some time then stake again makes you lose the rewards.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.